Problems with GSearch



#1
NorthernLight

My father downloaded something called savetubevideo which has installed Gsearch. At first it changed my homepage as well as hiding the menu bar, address bar and bookmark bars in Firefox. Initially I fixed the homepage and Firefox myself before running MBAM, after which it seemed fixed. But recently I keep getting redirected every couple of minutes to a search page named GSearch. Any help is appreciated.

MBAM log is clear.

Gmer rootkit scanner appears to crash my PC a few minutes after starting the scan.

OTL:

OTL logfile created on: 27/07/2010 17:03:07 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\Desktop\aarons
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

767.00 Mb Total Physical Memory | 401.00 Mb Available Physical Memory | 52.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1104 2208 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 26.81 Gb Free Space | 14.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESKTOPPC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/20 04:25:08 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\aarons\OTL.exe
PRC - [2010/06/28 21:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/10/04 11:38:22 | 000,487,424 | ---- | M] () -- C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
PRC - [2005/11/22 16:06:14 | 000,685,048 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe


========== Modules (SafeList) ==========

MOD - [2010/07/20 04:25:08 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\aarons\OTL.exe
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2005/11/22 16:06:16 | 000,043,528 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\wm_hooks.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/11/22 16:06:14 | 000,685,048 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\wpjsopik.sys -- (tqqfl)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\wqltmme.sys -- (nzmut)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\wujwv.sys -- (mhbteanI)
DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\djocynwt.sys -- (djocynwt)
DRV - [2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 21:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 21:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 21:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 21:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/06/27 07:19:22 | 000,019,072 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2008/06/27 06:57:48 | 000,323,584 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2008/05/16 15:01:00 | 006,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/13 19:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2006/10/05 18:31:46 | 000,488,960 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - [2006/10/05 18:31:46 | 000,488,960 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(SMC)) 802.11g Wireless USB2.0 Adapter Driver(SMC)
DRV - [2004/12/10 22:30:42 | 001,903,338 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelS51.sys -- (IntelS51) Intel®
DRV - [2004/10/25 13:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2004/09/22 16:44:04 | 000,038,912 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2003/11/13 19:25:26 | 000,391,680 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/07/18 09:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/03/25 17:50:46 | 000,004,096 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\siside.sys -- (SiSide)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7A 3F C5 1E 34 8A CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-GB.start3....en-GB:official"
FF - prefs.js..extensions.enabledItems: [email protected]:1.19
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.24
FF - prefs.js..extensions.enabledItems: {25c3c922-4a5c-39ac-8636-4b64ac7b2bdf}:4.6.6.6
FF - prefs.js..extensions.enabledItems: search@helper:8.17
FF - prefs.js..keyword.URL: "http://www.veerboo.c...results.php?q="

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/12/01 15:24:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/24 18:03:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/25 11:03:27 | 000,000,000 | ---D | M]

[2008/07/05 15:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/07/27 14:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6sixzov2.default\extensions
[2010/04/27 21:53:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6sixzov2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/05/28 20:15:26 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6sixzov2.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/05/28 22:00:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6sixzov2.default\extensions\[email protected]
[2009/04/30 22:05:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6sixzov2.default\extensions\[email protected]
[2010/07/12 19:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6sixzov2.default\extensions\SearchHelper
[2009/10/29 15:36:44 | 000,005,317 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6sixzov2.default\searchplugins\footiefox.xml
[2010/07/12 13:08:03 | 000,000,003 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6sixzov2.default\searchplugins\GoogleFeed.xml
[2009/07/25 19:33:24 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6sixzov2.default\searchplugins\live-search.xml
[2010/07/27 14:22:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/11 18:50:10 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{25c3c922-4a5c-39ac-8636-4b64ac7b2bdf}
[2008/11/11 08:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/01/23 16:36:31 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/23 16:36:31 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/23 16:36:31 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/23 16:36:31 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/07/02 22:54:26 | 000,410,689 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14217 more lines...
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/23 12:06:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\Iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\Ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\Ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\Iyvu9_32.dll ()
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/27 09:02:04 | 000,000,000 | ---D | C] -- C:\2a09c054e39e2d476321a9
[2010/07/24 18:43:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/07/24 18:38:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Enkord
[2010/07/24 18:20:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Totem Tribe Gold
[2010/07/24 18:20:00 | 000,000,000 | ---D | C] -- C:\Program Files\Totem Tribe Gold
[2010/07/24 15:40:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\TheLostKingdomProphecy
[2010/07/24 15:29:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2010/07/24 14:32:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\The Lost Kingdom Prophecy
[2010/07/24 14:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\The Lost Kingdom Prophecy
[2010/07/23 17:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\Jade Rousseau - The Fall of Sant Antonio
[2010/07/23 16:54:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Odian Games
[2010/07/23 16:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\Nemos Secret - The Nautilus
[2010/07/22 13:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\Echoes of the Past - The Castle of Shadows Collectors Edition
[2010/07/22 13:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/07/22 13:12:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/07/22 13:12:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/07/22 13:12:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/07/22 12:12:10 | 000,000,000 | ---D | C] -- C:\Program Files\The Clockwork Man The Hidden World
[2010/07/21 12:36:15 | 000,000,000 | ---D | C] -- C:\Program Files\The Pirates Treasure - An Oliver Hook Mystery
[2010/07/20 17:13:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simajo The Travel Móstery Game
[2010/07/20 17:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\Simajo - The Travel Mystery Game
[2010/07/20 04:14:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\aarons
[2010/07/19 16:29:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Aliasworlds
[2010/07/19 16:28:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\Snowy Treasure Hunter 3
[2010/07/19 16:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\Snowy Treasure Hunter 3
[2010/07/18 18:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\Journalistic Stories
[2010/07/17 11:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Vogat Interactive
[2010/07/17 11:38:56 | 000,000,000 | ---D | C] -- C:\Program Files\Elixir of Immortality
[2010/07/16 17:13:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\GameMill Entertainment
[2010/07/16 17:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\Hidden Mysteries - Vampire Secrets
[2010/07/15 21:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\Classic Adventures The Great Gatsby
[2010/07/12 17:52:20 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2010/07/12 14:13:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\KranX Productions
[2010/07/10 17:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\Time Dreamer
[2010/07/10 16:26:14 | 000,000,000 | ---D | C] -- C:\Program Files\Artifacts of the Past - Ancient Mysteries
[2010/07/07 11:49:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GamePlastic
[2010/07/07 11:41:35 | 000,000,000 | ---D | C] -- C:\Program Files\Laby
[2010/07/06 20:57:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Trail of the Twister
[2010/07/06 20:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\Nancy Drew - Trail of the Twister
[2010/07/06 17:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\Secrets of the Dragon Wheel
[2010/07/06 13:43:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\VendelGAMES
[2010/07/04 20:59:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Finstere Liebschaft
[2010/07/04 20:59:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Finstere Liebschaft
[2010/07/04 20:53:24 | 000,000,000 | ---D | C] -- C:\Program Files\Immortal Lovers
[2010/07/03 19:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\The Fifth Gate
[2010/07/03 18:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mutant Arcade
[2010/07/03 18:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\Skymist The Lost Spirit Stones
[2010/07/02 15:19:48 | 000,000,000 | ---D | C] -- C:\Program Files\Journey of Hope
[2010/07/02 14:30:14 | 000,000,000 | ---D | C] -- C:\Program Files\Escape Whisper Valley
[2010/07/01 17:45:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Madagascar
[2010/07/01 17:43:45 | 000,000,000 | ---D | C] -- C:\Program Files\Farm Frenzy 3 Madagascar
[2010/06/30 19:24:24 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/30 19:09:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\BBB
[2010/06/30 17:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\Romancing the Seven Wonders - Great Pyramids
[2010/06/26 22:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Be a King 2
[2010/06/26 19:59:29 | 000,000,000 | ---D | C] -- C:\Program Files\Be a King 2
[2010/06/26 19:01:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mariaglorum
[2010/06/25 15:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\Vaultcracker The Last Safe
[2010/06/25 09:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\A Gypsy's Tale - The Tower of Secrets
[2010/06/25 09:56:23 | 000,000,000 | ---D | C] -- C:\Program Files\A Gypsy's Tale - The Tower of Secrets
[2010/06/24 19:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\Dream Chronicles - The Book of Air C.E
[2010/06/23 22:44:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\FunnyMiners
[2010/06/23 22:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\Funny Miners
[2010/06/23 13:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Brunhilda_Release
[2010/06/23 13:28:35 | 000,444,952 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010/06/23 13:28:35 | 000,109,080 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2010/06/23 13:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2010/06/23 13:24:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\StoneLoops!
[2010/06/23 13:24:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Saqqarah
[2010/06/23 13:24:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\MagicMatch
[2010/06/23 13:24:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Brunhilda
[2010/06/22 10:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TeleportGamesLtd
[2010/06/22 10:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TeleportGamesLtd
[2010/06/22 10:34:18 | 000,000,000 | ---D | C] -- C:\Program Files\Ancient Adventures - Gift of Zeus
[2010/06/19 11:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\Blood Oath
[2010/06/17 10:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\The Mysterious Past of Gregory Phoenix
[2010/06/17 09:58:31 | 000,000,000 | ---D | C] -- C:\Program Files\Agatha Christie - 450 from Paddington
[2010/06/16 08:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\The Crop Circles Mystery
[2010/06/15 23:06:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Jugilus
[2010/06/15 14:11:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Lights, Camera, Curses
[2010/06/15 13:38:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Nancy Drew Dossier Lights Camera Curses
[2010/06/15 13:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Nancy Drew Dossier Lights Camera Curses
[2010/06/13 18:35:29 | 000,000,000 | ---D | C] -- C:\Program Files\Burger Bustle
[2010/06/13 15:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\Zzed
[2010/06/13 11:02:49 | 000,000,000 | ---D | C] -- C:\Program Files\Midnight Mysteries 2 Salem Witch Trials
[2010/06/08 16:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\Gamenext
[2010/06/08 16:30:26 | 000,000,000 | ---D | C] -- C:\Program Files\AirXonix
[2010/06/08 10:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Brawsome
[2010/06/08 10:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Brawsome
[2010/06/08 10:54:21 | 000,000,000 | ---D | C] -- C:\Program Files\Jolly Rover
[2010/06/05 20:43:46 | 000,000,000 | ---D | C] -- C:\Program Files\Banana Bugs
[2010/06/05 17:14:41 | 000,000,000 | ---D | C] -- C:\Program Files\Explorer - Contraband Mystery
[2010/06/04 20:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mysterious Travel - The Magic Diary
[2010/06/04 12:59:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Paige Harper and the Tome of Mystery
[2010/06/02 00:27:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/05/30 10:11:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Namco
[2010/05/29 20:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Awem
[2010/05/29 19:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\Faded Reality
[2010/05/29 11:26:12 | 000,000,000 | ---D | C] -- C:\Program Files\Paige Harper and the Tome of Mystery
[2010/05/27 17:00:15 | 000,000,000 | ---D | C] -- C:\Program Files\Puppet Show - Souls of the Innocent Collectors Edition
[2010/05/27 14:13:52 | 000,000,000 | ---D | C] -- C:\Program Files\Build a Lot 5 Elizabethan Era
[2010/05/27 11:02:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Floodlight Games
[2010/05/27 11:02:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
[2010/05/27 11:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\Special Enquiry Detail - The Hand that Feeds
[2010/05/23 18:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Cateia Games
[2010/05/22 16:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SevenSails
[2010/05/22 16:23:51 | 000,000,000 | ---D | C] -- C:\Program Files\The Heritage
[2010/05/21 12:57:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\MagicIndie
[2010/05/21 11:48:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BlitPop
[2010/05/20 21:08:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Biozone
[2010/05/20 18:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\PassionFruit Games
[2010/05/20 18:30:28 | 000,000,000 | ---D | C] -- C:\Program Files\Strange Cases - The Lighthouse Mystery Collectors Edition
[2010/05/20 18:22:10 | 000,000,000 | ---D | C] -- C:\Program Files\Tiger Eye Part 1 - Curse Of The Riddle Box
[2010/05/14 19:26:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alawar
[2010/05/14 19:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Buried In Time
[2010/05/14 19:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Buried In Time
[2010/05/11 19:46:09 | 000,000,000 | ---D | C] -- C:\Program Files\bigup16
[2010/05/09 11:32:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\NevoSoft Games
[2010/05/09 11:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\Farm Craft 2
[2010/05/08 22:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\HillStoneAnimationStudios_MBV
[2010/05/05 15:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SquareLogic
[2010/05/04 18:29:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Every Day Genius Square Logic
[2010/05/02 18:07:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Freeze Tag
[2010/05/02 11:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Namco
[2010/05/01 21:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\Eternity
[2010/04/29 16:33:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\freshgames
[2010/04/29 16:31:47 | 000,000,000 | ---D | C] -- C:\Program Files\Ranch Rush 2 Collector's Edition
[2010/04/29 16:30:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Fugazo
[2010/04/29 16:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\Fiction Fixers Adventures in Wonderland Premium Edition
[2010/04/29 15:18:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Deadtime Stories
[2010/04/29 15:17:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Deadtime Stories
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/27 17:08:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{54B5413B-8875-4A1E-927B-94B4B1617DB7}.job
[2010/07/27 16:47:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/27 14:10:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/07/27 08:55:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/27 08:54:46 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/27 08:54:46 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/07/27 08:54:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/27 08:54:34 | 000,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/27 08:54:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/27 01:32:29 | 016,515,072 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/07/27 01:32:29 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/07/26 16:00:47 | 002,120,138 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/07/26 02:06:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/07/20 18:50:29 | 000,054,272 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/06 20:59:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Twister.INI
[2010/07/02 22:54:26 | 000,410,689 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/30 19:24:25 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/30 19:18:50 | 000,195,368 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/28 21:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 21:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 21:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 21:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 21:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 21:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 21:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/25 19:43:25 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2003.lnk
[2010/06/23 15:09:16 | 000,521,600 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/23 15:09:16 | 000,455,882 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/23 15:09:16 | 000,075,882 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/23 13:30:01 | 000,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010/06/23 13:30:01 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2010/06/15 14:18:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Curses.INI
[2010/06/10 18:20:48 | 000,001,041 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/06 20:59:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Twister.INI
[2010/06/15 14:18:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Curses.INI
[2010/04/14 08:16:43 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2010/04/14 08:16:43 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2010/04/07 18:27:25 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2010/02/02 19:28:05 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2010/01/22 01:57:03 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2009/11/22 14:16:28 | 000,000,427 | ---- | C] () -- C:\WINDOWS\Buildalot4.ini
[2009/10/06 20:30:34 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009/08/29 14:03:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ResortingToDanger.INI
[2009/08/08 16:13:38 | 000,000,031 | ---- | C] () -- C:\WINDOWS\sav.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/13 14:45:41 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/05/01 15:25:07 | 000,000,616 | ---- | C] () -- C:\WINDOWS\RegGenie.ini
[2009/03/30 19:37:29 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2009/02/19 23:43:47 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/01/18 16:21:36 | 000,001,079 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2008/10/02 12:40:38 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/08/23 19:46:25 | 000,000,231 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/06/18 10:37:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/14 16:35:52 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/06/12 16:09:02 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/06/12 16:09:02 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/06/12 16:09:02 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/06/12 16:09:02 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/06/12 16:09:02 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/06/12 16:09:02 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/06/12 16:09:00 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/06/12 16:08:58 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/06/12 16:08:58 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/06/06 19:13:06 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/05/25 23:40:51 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\swsystem.dll
[2008/05/16 15:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 15:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/16 15:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 15:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/16 15:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/05/15 13:27:02 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/05/10 22:48:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2008/05/01 19:09:49 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/05/01 19:09:46 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/05/01 19:09:46 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/05/01 19:09:45 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/05/01 19:09:45 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/04/29 19:26:51 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2008/04/23 19:51:49 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/04/23 13:28:37 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2008/04/23 13:21:52 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2008/04/23 13:21:24 | 000,127,681 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2008/04/23 13:21:18 | 000,102,622 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2008/04/23 12:11:44 | 000,000,996 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/03/15 22:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\20000Leagues
[2008/12/18 15:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdventureChronicles1
[2010/05/14 19:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar
[2010/02/21 00:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Entertainment
[2010/03/07 19:18:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2010/06/26 12:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2010/07/19 16:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aliasworlds
[2008/12/21 16:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlwaysNeat
[2010/01/23 18:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/02/10 20:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ApeZone
[2008/12/26 19:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Arkadium
[2009/11/24 02:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artist Colony
[2009/07/27 14:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2008/05/16 16:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astar Games
[2009/10/19 00:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Awem
[2010/02/01 13:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BanzaiInteractive
[2009/09/13 17:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Becky Brogan
[2009/02/21 22:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games Vancouver
[2009/11/07 19:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
[2010/05/21 11:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BlitPop
[2009/09/21 00:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brainiversity2
[2010/03/12 18:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Braintonik
[2010/06/08 10:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brawsome
[2010/05/14 19:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Buried In Time
[2010/05/23 18:41:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cateia Games
[2009/12/02 13:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Curious Sense
[2010/04/29 15:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Deadtime Stories
[2008/06/06 15:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DigitalChocolate
[2009/02/15 13:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DivoGames
[2009/01/06 12:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eGames
[2010/07/24 18:38:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Enkord
[2009/11/18 15:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum2
[2008/04/23 15:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/07/19 08:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Far Mills
[2009/01/12 13:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty
[2008/08/27 10:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
[2009/08/12 18:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2010/03/10 18:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Arctica
[2010/07/02 11:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Madagascar
[2010/04/17 09:54:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Russia
[2010/01/08 15:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fenomen Games
[2010/07/04 20:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Finstere Liebschaft
[2008/06/28 13:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fitn17
[2010/02/19 18:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2010/06/17 09:59:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
[2010/04/29 16:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2008/10/27 10:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2009/01/06 13:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2010/02/03 14:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameMill
[2010/07/07 11:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GamePlastic
[2009/11/26 16:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamers Digital
[2009/06/09 17:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GAMESHASTRA
[2009/07/24 21:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
[2010/06/26 09:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2008/11/20 14:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii Games
[2009/02/05 21:04:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gold Casual Games
[2008/04/30 15:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
[2009/09/01 12:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HideAndSecret3
[2010/05/27 14:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2010/01/22 02:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/02/01 16:07:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HoverBee Studios
[2010/03/30 13:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\incredible express
[2010/05/13 14:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2008/12/19 15:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterAction studios
[2009/08/06 17:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
[2009/08/06 17:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2010/02/03 14:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2010/06/15 23:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Jugilus
[2010/03/18 21:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kingdom
[2009/07/15 15:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Little Games Company
[2009/12/21 15:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2009/02/10 20:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mandragora
[2009/05/29 19:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mean Hamster
[2010/06/19 11:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2010/01/26 13:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Million
[2010/06/13 11:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/09/14 23:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MysteryChronicles
[2009/04/09 16:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2010/05/30 10:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Namco
[2008/12/01 17:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeptunesAdve
[2010/02/09 13:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nevosoft
[2008/11/29 11:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NevoSoft Games
[2009/01/23 15:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nick Chase A Detective Story
[2009/06/13 15:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/07/19 08:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Particles
[2008/09/10 10:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PBGsavesDirectory
[2010/07/03 19:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008/12/17 13:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayPond
[2010/04/02 12:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2010/01/07 13:41:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
[2009/08/21 17:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Princess Isabella
[2010/02/22 12:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QB9
[2009/12/08 21:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2010/07/20 17:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simajo The Travel Móstery Game
[2009/05/18 14:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Slapdash Games
[2009/09/26 00:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SOS
[2009/01/13 14:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sowhat
[2008/06/05 11:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2010/06/13 21:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
[2009/08/17 00:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperRanch
[2010/06/22 10:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TeleportGamesLtd
[2010/07/25 13:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/07 17:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Game Equation
[2010/02/10 12:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Inquisitor
[2009/12/28 00:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Mirror Mysteries
[2008/08/05 14:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheRace_dev
[2010/03/28 19:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Top Evidence
[2009/01/17 16:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2008/06/10 22:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualFarm
[2009/07/11 14:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar
[2009/07/11 14:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar Experience Image Manager
[2009/05/18 09:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XLab
[2010/03/15 22:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\20000Leagues
[2009/04/27 13:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\3 Days Zoo Mystery
[2010/06/26 11:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\A Gypsy's Tale - The Tower of Secrets
[2009/02/21 04:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Acreon
[2009/07/14 15:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aisle 5 Games, Inc
[2010/05/14 19:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Alawar
[2010/02/21 00:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Alawar Entertainment
[2009/01/24 09:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AlterLab
[2008/08/01 07:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amaranth Games
[2008/08/11 20:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ancient Quest of Saqqarah__reflexive
[2008/12/04 21:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Archibald's Adventures
[2010/02/03 15:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Artifex Mundi
[2010/03/29 12:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Artogon
[2009/07/27 14:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ashampoo
[2010/05/29 20:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Awem
[2009/04/21 20:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azuaz Games
[2010/03/05 17:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AzuazGames
[2010/02/01 13:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BanzaiInteractive
[2010/06/30 19:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BBB
[2010/06/30 12:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Be a King 2
[2008/09/04 09:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BeachPartyCraze
[2010/06/16 09:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Big Fish Games
[2010/05/20 21:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Biozone
[2009/11/07 19:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\blg
[2010/04/23 00:43:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Boolat Games
[2010/05/29 19:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Boomzap
[2010/03/12 18:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Braintonik
[2009/03/02 19:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BrandX Games
[2010/06/08 10:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Brawsome
[2009/12/22 16:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BrokenHearts
[2010/06/23 13:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Brunhilda
[2010/06/23 13:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Brunhilda_Release
[2009/10/07 17:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\casanova
[2009/11/24 01:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Cat's Eye Games
[2008/12/19 20:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CatmoonGames
[2008/06/09 13:54:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\cerasus
[2009/08/11 12:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\cerasus.media
[2009/12/06 16:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ChaYoWo Games
[2009/01/30 16:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Coyotes Tale
[2009/12/02 13:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Curious Sense
[2010/03/14 13:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DarkParablesBriarRose_BFG
[2010/01/09 16:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dragon Altar Games
[2009/11/11 17:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EcoRescue
[2009/01/06 12:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\eGames
[2009/07/31 14:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EleFun Games
[2009/11/03 17:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElementalsTheMagicKey
[2009/10/09 15:33:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Enki Games
[2009/06/26 15:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Enlightenus
[2010/06/04 20:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ERS G-Studio
[2009/01/09 16:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Fabulous Finds
[2008/07/13 11:35:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FarmerJane
[2010/07/04 20:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Finstere Liebschaft
[2008/11/25 13:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FirstColony
[2010/02/19 18:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Flood Light Games
[2010/06/17 09:59:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Floodlight Games
[2010/04/17 06:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FlyWheelGames
[2008/09/26 13:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ForgottenRiddles2
[2010/05/02 18:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Freeze Tag
[2010/03/18 11:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Freezetag
[2010/04/29 16:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\freshgames
[2008/12/19 23:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Friday's games
[2010/02/23 12:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Frogwares
[2010/04/29 16:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Fugazo
[2010/03/12 18:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\G-HeadGames
[2008/05/17 14:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gaijin Ent
[2009/12/14 17:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Game Mill Entertainment
[2010/03/15 18:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GameInvest
[2008/11/14 10:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gamelab
[2010/02/03 14:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GameMill
[2010/07/16 17:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GameMill Entertainment
[2009/11/26 16:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gamers Digital
[2009/07/12 15:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Games
[2008/06/04 09:10:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GamesCafe
[2009/06/09 17:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GAMESHASTRA
[2010/02/01 21:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gestalt Games
[2008/08/15 19:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Go-Go Gourmet Chef of the Year
[2008/11/20 14:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gogii Games
[2010/07/21 12:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gold Casual Games
[2009/10/25 13:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GTM_Bodie
[2010/02/28 19:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HdO Adventure
[2010/05/08 22:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HillStoneAnimationStudios_MBV
[2009/04/18 20:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HiT-MM
[2009/08/24 15:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HSA
[2009/12/11 16:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iMaxGen
[2008/12/28 20:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IOMediaSupport6SZZ001s
[2009/05/24 16:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IronCode
[2009/01/27 16:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Island
[2008/05/29 17:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ITTNord
[2009/08/06 17:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWin
[2008/08/23 10:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Jane s Realty hitzwarez net
[2010/03/20 18:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Jetdogs Studios
[2009/01/28 17:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Jetsetter
[2010/04/11 18:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\JoyBits
[2009/10/15 09:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\KlickTock
[2010/07/12 14:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\KranX Productions
[2010/05/02 10:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lazy Turtle Games
[2010/02/15 13:17:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LegacyInteractive
[2009/10/10 15:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
[2009/07/15 15:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Little Games Company
[2010/04/10 13:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Little Noir Stories
[2008/05/02 11:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LTOA
[2009/12/21 15:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ludia
[2009/08/20 20:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MA
[2009/10/03 11:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Magic Academy 2
[2008/05/17 14:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Magic Seeds
[2010/04/03 19:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Magic3
[2010/05/21 12:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MagicIndie
[2010/06/23 13:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MagicMatch
[2010/06/26 19:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mariaglorum
[2009/12/05 17:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MastersOfMystery2
[2009/05/29 19:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mean Hamster
[2010/03/05 18:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MemoryClinic
[2010/02/24 10:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Meridian93
[2010/06/19 11:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Merscom
[2009/10/21 13:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MissTeriTale3
[2010/07/03 18:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mutant Arcade
[2008/05/13 21:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\My Games
[2009/11/18 11:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MysteryStudio
[2010/05/30 10:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Namco
[2010/03/14 20:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nevosoft
[2010/05/09 11:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NevoSoft Games
[2010/07/23 16:54:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Odian Games
[2010/07/22 13:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Orneon
[2009/12/15 17:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OtherSide Realm of Eons
[2010/06/05 10:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Paige Harper and the Tome of Mystery
[2009/02/17 15:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\panoramik
[2009/10/13 10:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ph03nixNewMedia
[2010/07/03 19:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayFirst
[2009/10/02 17:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Playrix Entertainment
[2010/01/07 13:41:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PoBros
[2008/12/10 15:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Pogo Games
[2008/05/16 19:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Purple Patch Games
[2010/02/22 12:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\QB9
[2009/06/29 14:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Quirky Games
[2008/08/23 11:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Righteous Kill
[2009/01/25 21:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RobinsonCrusoe
[2010/06/23 13:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Saqqarah
[2010/04/06 16:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Scholastic
[2008/10/24 09:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SecretIslandEng
[2008/12/18 16:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SerpentOfIsis
[2010/04/04 12:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Settlement. Colossus
[2010/05/22 16:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SevenSails
[2008/12/02 18:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Shape games
[2009/08/02 16:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\she_is_a_shadow
[2010/03/04 19:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ShinyTales
[2010/07/06 21:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Silverback Productions
[2010/06/10 10:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skunk Studios
[2010/03/30 17:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Specialbit
[2008/12/28 20:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Spinapse
[2010/05/19 10:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SpinTop Games
[2009/08/08 15:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SprillRichiEng
[2010/05/05 15:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SquareLogic
[2010/06/23 13:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\StoneLoops!
[2008/05/10 15:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sudden Games
[2008/05/16 16:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SultanofPersia
[2010/05/20 18:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SulusGames
[2009/01/06 02:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Suspects and Clues Players
[2008/12/28 20:34:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Suspects and Clues Prefs
[2010/06/22 10:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TeleportGamesLtd
[2010/02/10 12:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\The Inquisitor
[2010/01/15 13:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TheFixerUpper
[2010/07/10 17:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TikisLab
[2009/11/02 15:42:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TitanicMystery
[2008/08/25 17:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TMInc
[2010/03/28 19:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Top Evidence
[2010/07/23 14:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Total Eclipse
[2010/02/18 13:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TripleHippo
[2009/05/02 20:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Twintale Entertainment
[2009/04/06 20:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ubisoft
[2008/04/28 17:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2009/11/10 17:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\URSE Games
[2010/07/27 15:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2010/03/18 19:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\V-Games
[2009/01/17 16:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Valusoft
[2009/09/13 17:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VampireSaga
[2010/07/06 13:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VendelGAMES
[2009/02/06 02:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ViquaSoft
[2009/12/28 01:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Virtual Prophecy
[2010/07/17 11:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vogat Interactive
[2010/06/10 18:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
[2008/04/28 14:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Wildfire
[2009/05/29 01:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2009/06/14 18:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search
[2009/06/14 19:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinPatrol
[2010/05/05 15:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\YoudaGames
[2010/07/26 02:06:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/07/27 08:54:46 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2010/07/27 17:08:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{54B5413B-8875-4A1E-927B-94B4B1617DB7}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/05/01 04:07:16 | 000,026,988 | ---- | M] () -- C:\aaronlog.txt
[2009/10/29 13:04:36 | 000,124,164 | ---- | M] () -- C:\aaw7boot.log
[2008/04/23 12:06:28 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/04/23 17:01:22 | 000,000,211 | -HS- | M] () -- C:\Boot.bak
[2009/05/23 21:34:17 | 000,000,281 | -HS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2008/04/23 12:06:28 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/04/23 13:22:10 | 000,000,867 | ---- | M] () -- C:\FSC-DeskUpdate.txt
[2009/06/14 21:47:08 | 000,020,424 | ---- | M] () -- C:\HijackPatrol.log
[2008/04/23 12:06:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/12 18:57:15 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2008/04/23 12:06:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2002/07/01 15:13:30 | 000,000,199 | -HS- | M] () -- C:\nn1_brun.sys
[2008/04/23 16:52:27 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/05/18 12:29:56 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/27 08:54:11 | 1157,627,904 | -HS- | M] () -- C:\pagefile.sys
[2009/06/13 14:52:28 | 000,001,570 | ---- | M] () -- C:\rollback.ini
[2010/01/31 18:33:31 | 000,018,614 | ---- | M] () -- C:\RootRepeal report 01-31-10 (17-33-31).txt
[2009/08/09 15:30:09 | 000,000,023 | ---- | M] () -- C:\sav_BF.txt
[2009/02/15 20:36:41 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/02/16 00:07:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/02/16 07:43:47 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/02/17 00:20:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/02/18 01:58:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/02/19 01:45:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/02/19 03:01:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/02/19 17:41:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/02/06 02:37:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/02/07 03:04:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/02/08 01:56:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/02/09 01:03:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/02/11 00:55:30 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/02/12 00:00:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/02/12 11:33:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/02/12 11:46:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/02/13 03:15:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/02/13 17:01:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/02/14 02:14:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/02/15 00:30:14 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/02/15 20:36:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/02/16 00:07:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/02/16 07:43:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/02/17 00:20:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/02/18 01:58:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/02/19 01:45:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/02/19 03:01:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/02/19 17:41:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/02/06 02:37:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/02/07 03:04:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/02/08 01:56:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/02/09 01:03:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/02/11 00:55:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/02/12 00:00:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/02/12 11:33:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/02/12 11:46:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/02/13 03:15:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/02/13 17:01:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/02/14 02:14:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/02/15 00:30:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010/01/22 20:01:26 | 000,000,756 | ---- | M] () -- C:\updatedatfix.log
[2008/04/23 18:29:50 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008/04/23 12:06:14 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >
[2005/06/02 12:05:50 | 000,078,848 | ---- | M] (WeiserWare) -- C:\WINDOWS\3DAlienAquarium.scr
[2010/06/28 21:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/08/04 10:39:40 | 000,000,000 | ---- | M] () -- C:\Program Files\temp01

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/04/23 11:45:38 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/12/15 10:23:58 | 016,777,216 | -HS- | M] () -- C:\WINDOWS\system32\config\ryghicne.sav
[2008/04/23 11:45:38 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/04/23 11:45:38 | 000,401,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/14 01:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/14 01:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/14 01:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-27 08:02:24

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$hf_mig$\KB947864\KB947864] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Alabama Smithin Escape from Pompeii\Alabama Smithin Escape from Pompeii] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Ancient Secrets\Ancient Secrets] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP118.tmp\ZAP118.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP130.tmp\ZAP130.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1D8.tmp\ZAP1D8.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2B9.tmp\ZAP2B9.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP94.tmp\ZAP94.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\tmp\tmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Be Rich\Be Rich] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Build a lot 3 Passport to Europe\Build a lot 3 Passport to Europe] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Build-a-lot 2 - Town of the Year\Build-a-lot 2 - Town of the Year] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Carnival Mania\Carnival Mania] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Config\Config] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Connection Wizard\Connection Wizard] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\CSC\d1\d1] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\CSC\d2\d2] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\CSC\d3\d3] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\CSC\d4\d4] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\CSC\d5\d5] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\CSC\d6\d6] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\CSC\d7\d7] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\CSC\d8\d8] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Farm Craft\Farm Craft] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Farm Frenzy 2\Farm Frenzy 2] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ftpcache\ftpcache] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\chsime\applets\applets] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\CHTIME\Applets\Applets] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\imejp\applets\applets] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\imejp98\imejp98] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\imjp8_1\applets\applets] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\imkr6_1\applets\applets] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\imkr6_1\dicts\dicts] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\shared\res\res] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\java\classes\classes] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\java\trustlib\trustlib] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Mae Q West and the Sign of the Stars\Mae Q West and the Sign of the Stars] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Magic Aces\Magic Aces] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Minidump\Minidump] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Miracles\Miracles] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\msapps\msinfo\msinfo] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Mystery P I The New York Fortune\Mystery P I The New York Fortune] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Pageant Princess\Pageant Princess] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\ERRORREP\QHEADLES\QHEADLES] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\ERRORREP\QSIGNOFF\QSIGNOFF] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\HelpCtr\System_OEM\System_OEM] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\RegCure\RegCure] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Registration\CRMLog\CRMLog] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Satisfashion\Satisfashion] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\security\logs\logs] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Sherlock Holmes - The Mystery of the Persian Carpet\Sherlock Holmes - The Mystery of the Persian Carpet] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Shop-n-Spree\Shop-n-Spree] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\4f34fed83363df83031761e8fceb73ae\backup\backup] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Spa Mania\Spa Mania] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Sun\Java\Deployment\Deployment] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Supermarket Mania\Supermarket Mania] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SxsCaPendDel\SxsCaPendDel] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Unwell Mel\Unwell Mel] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Westward III Gold Rush\Westward III Gold Rush] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\WinSxS\InstallTemp\InstallTemp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2] -> \Device\__max++>\^ -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CCDAB14
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EF1AD34
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:315B4A13
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC2D0F32
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1DEA771
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7547DA5B
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D48500F8
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C07A6A6B
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E9B629B
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C6EBC69
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D351BC6
@Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C36B1175
@Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E0B7D8A
@Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0ED4AC2F
@Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0FEE2B
@Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59C113EC
@Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F59E8EA
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:87B05421
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40DB6D00
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA9F45B5
< End of report >


Extras.txt:

OTL Extras logfile created on: 27/07/2010 17:03:07 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\Desktop\aarons
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

767.00 Mb Total Physical Memory | 401.00 Mb Available Physical Memory | 52.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1104 2208 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 26.81 Gb Free Space | 14.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESKTOPPC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5900:TCP" = 5900:TCP:*:Enabled:RealVNC
"5900:UDP" = 5900:UDP:*:Enabled:RealVNC
"14229:TCP" = 14229:TCP:*:Enabled:BitComet 14229 TCP
"14229:UDP" = 14229:UDP:*:Enabled:BitComet 14229 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\downloader.exe" = C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\downloader.exe:*:Enabled:SaveTubeVideo -- File not found
"C:\Program Files\WinPcap\rpcapd.exe" = C:\Program Files\WinPcap\rpcapd.exe:*:Disabled:Remote Packet Capture Daemon -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}" = HP PSC & OfficeJet 5.3.B
"{581CE7EA-A30D-0000-1211-088635773309}" = ZyDAS IEEE 802.11 b+g Wireless LAN - USB
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{70A5D3F9-19F3-4026-99E8-BCAFBCC87076}_is1" = FlySim
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCE68AE8-22A4-4CD9-A5F9-918FBD2F9D3E}" = Photo to Cartoon
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD6E97C6-310B-487A-945E-18965FF0E20E}" = NVIDIA PhysX v8.06.12
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Evaluation
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.3.313
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"A Gypsy's Tale - The Tower of Secrets1.0" = A Gypsy's Tale - The Tower of Secrets
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agatha Christie - 450 from Paddington1.0" = Agatha Christie - 450 from Paddington
"AirXonix_is1" = AirXonix version 1.36
"Ancient Adventures - Gift of Zeus1.0" = Ancient Adventures - Gift of Zeus
"Artifacts of the Past - Ancient Mysteries1.0" = Artifacts of the Past - Ancient Mysteries
"Ashampoo Burning Studio 8_is1" = Ashampoo Burning Studio 8.04
"avast5" = avast! Free Antivirus
"Banana Bugs1.0" = Banana Bugs
"Be a King 21.0" = Be a King 2
"BFGC" = Big Fish Games Client
"Blood Oath1.0" = Blood Oath
"Build a Lot 5 Elizabethan Era1.0" = Build a Lot 5 Elizabethan Era
"Burger Bustle1.0" = Burger Bustle
"ca" = ca
"Cajun Cop1.0" = Cajun Cop
"CCleaner" = CCleaner (remove only)
"Classic Adventures The Great Gatsby1.0" = Classic Adventures The Great Gatsby
"Cruise Clues - Caribbean Adventure1.0" = Cruise Clues - Caribbean Adventure
"Diner Dash 5 Boom Collector's Edition H33T" = Diner Dash 5 Boom Collector's Edition H33T
"Dream Chronicles - The Book of Air C.E1.0" = Dream Chronicles - The Book of Air C.E
"Echoes of the Past - The Castle of Shadows Collectors Edition1.0" = Echoes of the Past - The Castle of Shadows Collectors Edition
"Elixir of Immortality1.0" = Elixir of Immortality
"ERUNT_is1" = ERUNT 1.1j
"Escape Whisper Valley1.0" = Escape Whisper Valley
"Eternity1.0" = Eternity
"Explorer - Contraband Mystery1.0" = Explorer - Contraband Mystery
"Faded Reality1.0" = Faded Reality
"Fantastic Farm1.0" = Fantastic Farm
"Farm Craft 21.0" = Farm Craft 2
"Farm Frenzy 3 ." = Farm Frenzy 3 .
"Farm Frenzy 3 Ice Age 1.00" = Farm Frenzy 3 Ice Age 1.00
"Farm Frenzy 3 Madagascar1.0" = Farm Frenzy 3 Madagascar
"Farm Frenzy 3 Russian Roulette1.0" = Farm Frenzy 3 Russian Roulette
"Farm Frenzy 31.0" = Farm Frenzy 3
"Farm Frenzy_is1" = Farm Frenzy
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Fiction Fixers Adventures in Wonderland Premium Edition1.0" = Fiction Fixers Adventures in Wonderland Premium Edition
"fishsim2" = fishsim2
"FotoSketcher_is1" = FotoSketcher - Version 1.9
"Funny Miners1.0" = Funny Miners
"Gadwin PrintScreen" = Gadwin PrintScreen
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HaaliMkx" = Haali Media Splitter
"Hidden Mysteries - Vampire Secrets1.0" = Hidden Mysteries - Vampire Secrets
"Hidden Mysteries Buckingham Palace1.0" = Hidden Mysteries Buckingham Palace
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Immortal Lovers1.0" = Immortal Lovers
"Indeo® software" = Indeo® software
"Intel® 536EP Modem" = Intel® 536EP Modem
"Jolly Rover1.0" = Jolly Rover
"Journalistic Stories1.0" = Journalistic Stories
"Journey of Hope1.0" = Journey of Hope
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.9.0 Full
"Laby1.0" = Laby
"Lost Lagoon The Trail of Destiny 1.00" = Lost Lagoon The Trail of Destiny 1.00
"Lost Secrets Bermuda Triangle1.0" = Lost Secrets Bermuda Triangle
"Love Chronicles - The Spell Collector's Edition1.0" = Love Chronicles - The Spell Collector's Edition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Midnight Mysteries 2 Salem Witch Trials1.0" = Midnight Mysteries 2 Salem Witch Trials
"Mind's Eye - Secrets of the Forgotten" = Mind's Eye - Secrets of the Forgotten
"Money Tree1.0" = Money Tree
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Mysterious Travel - The Magic Diary1.0" = Mysterious Travel - The Magic Diary
"Nancy Drew - Trail of the Twister1.0" = Nancy Drew - Trail of the Twister
"Nancy Drew Dossier Lights Camera Curses1.0" = Nancy Drew Dossier Lights Camera Curses
"Nemos Secret - The Nautilus1.0" = Nemos Secret - The Nautilus
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Paige Harper and the Tome of Mystery1.0" = Paige Harper and the Tome of Mystery
"PJ Pride Pet Detective Destination Europe1.0" = PJ Pride Pet Detective Destination Europe
"Plan It Green1.0" = Plan It Green
"Pro Bass Fishing 2003" = Pro Bass Fishing 2003
"Puppet Show - Souls of the Innocent Collectors Edition1.0" = Puppet Show - Souls of the Innocent Collectors Edition
"Ranch Rush 2 Collector's Edition1.0" = Ranch Rush 2 Collector's Edition
"RealPlayer 6.0" = RealPlayer
"RealVNC_is1" = VNC Enterprise Edition 4.1.9
"Recuva" = Recuva
"Romancing the Seven Wonders - Great Pyramids1.0" = Romancing the Seven Wonders - Great Pyramids
"Royal Envoy Collectors Edition1.0" = Royal Envoy Collectors Edition
"Secrets of the Dragon Wheel1.0" = Secrets of the Dragon Wheel
"Settlement Colossus1.0" = Settlement Colossus
"Simajo - The Travel Mystery Game1.0" = Simajo - The Travel Mystery Game
"SiS 661FX_760_741_M661FX_M760_M741" = SiS 661FX_760_741_M661FX_M760_M741
"Skymist The Lost Spirit Stones1.0" = Skymist The Lost Spirit Stones
"Snowy Treasure Hunter 31.0" = Snowy Treasure Hunter 3
"Special Enquiry Detail - The Hand that Feeds1.0" = Special Enquiry Detail - The Hand that Feeds
"SpywareBlaster_is1" = SpywareBlaster 4.3
"ST5UNST #1" = FSUTILS
"Svetlograd1.0" = Svetlograd
"TBass4.exe" = Field & Stream® Trophy Bass 4
"The Amazing Brain Train1.0" = The Amazing Brain Train
"The Clockwork Man The Hidden World1.0" = The Clockwork Man The Hidden World
"The Crop Circles Mystery1.0" = The Crop Circles Mystery
"The Fifth Gate1.0" = The Fifth Gate
"The Heritage1.0" = The Heritage
"The Lost Kingdom Prophecy1.0" = The Lost Kingdom Prophecy
"The Pirates Treasure - An Oliver Hook Mystery1.0" = The Pirates Treasure - An Oliver Hook Mystery
"Tiger Eye Part 1 - Curse Of The Riddle Box ." = Tiger Eye Part 1 - Curse Of The Riddle Box .
"Time Dreamer1.0" = Time Dreamer
"Totem Tribe Gold1.0" = Totem Tribe Gold
"Tower Buddy_is1" = Tower Buddy 1.4
"uTorrent" = µTorrent
"Vaultcracker The Last Safe 1.02" = Vaultcracker The Last Safe 1.02
"Vaultcracker The Last Safe1.0" = Vaultcracker The Last Safe
"Vivitar Experience Image Manager" = Vivitar Experience Image Manager
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Westward IV1.001" = Westward IV
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wonderburg1.0" = Wonderburg
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Zuma's Revenge!1.0" = Zuma's Revenge!
"Zzed1.0" = Zzed

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21/07/2010 10:09:27 | Computer Name = DESKTOPPC | Source = MsiInstaller | ID = 11321
Description = Product: HiJackThis -- Error 1321. The Installer has insufficient
privileges to modify this file: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe.

Error - 21/07/2010 10:09:28 | Computer Name = DESKTOPPC | Source = MsiInstaller | ID = 11321
Description = Product: HiJackThis -- Error 1321. The Installer has insufficient
privileges to modify this file: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe.

Error - 22/07/2010 04:57:13 | Computer Name = DESKTOPPC | Source = MPSampleSubmission | ID = 5000
Description =

Error - 22/07/2010 08:18:48 | Computer Name = DESKTOPPC | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 22/07/2010 08:18:48 | Computer Name = DESKTOPPC | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 23/07/2010 05:55:50 | Computer Name = DESKTOPPC | Source = MPSampleSubmission | ID = 5000
Description =

Error - 24/07/2010 05:58:58 | Computer Name = DESKTOPPC | Source = MPSampleSubmission | ID = 5000
Description =

Error - 25/07/2010 06:08:08 | Computer Name = DESKTOPPC | Source = MPSampleSubmission | ID = 5000
Description =

Error - 26/07/2010 04:12:54 | Computer Name = DESKTOPPC | Source = MPSampleSubmission | ID = 5000
Description =

Error - 27/07/2010 04:02:20 | Computer Name = DESKTOPPC | Source = MPSampleSubmission | ID = 5000
Description =

[ System Events ]
Error - 26/07/2010 18:37:45 | Computer Name = DESKTOPPC | Source = Service Control Manager | ID = 7000
Description = The nzmut service failed to start due to the following error: %%2

Error - 26/07/2010 18:37:45 | Computer Name = DESKTOPPC | Source = Service Control Manager | ID = 7000
Description = The tqqfl service failed to start due to the following error: %%2

Error - 26/07/2010 18:37:45 | Computer Name = DESKTOPPC | Source = Service Control Manager | ID = 7000
Description = The Windows Defender service failed to start due to the following
error: %%5

Error - 26/07/2010 18:38:04 | Computer Name = DESKTOPPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 27/07/2010 03:55:07 | Computer Name = DESKTOPPC | Source = Service Control Manager | ID = 7000
Description = The nzmut service failed to start due to the following error: %%2

Error - 27/07/2010 03:55:07 | Computer Name = DESKTOPPC | Source = Service Control Manager | ID = 7000
Description = The tqqfl service failed to start due to the following error: %%2

Error - 27/07/2010 03:55:07 | Computer Name = DESKTOPPC | Source = Service Control Manager | ID = 7000
Description = The Windows Defender service failed to start due to the following
error: %%5

Error - 27/07/2010 03:55:27 | Computer Name = DESKTOPPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 27/07/2010 04:02:18 | Computer Name = DESKTOPPC | Source = Service Control Manager | ID = 7000
Description = The Windows Defender service failed to start due to the following
error: %%5

Error - 27/07/2010 04:02:48 | Computer Name = DESKTOPPC | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition
1.87.582.0).


< End of report >


Edited by NorthernLight, 28 July 2010 - 02:54 AM.

#2
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hi, NorthernLight! My name is BlackOxide and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • I am currently in training, so my replies will need to be quickly checked before I post them to you, so there may be a small delay in between.
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.

OK, let's start :)

I am currently looking through your logs and will post back shortly :)

#3
NorthernLight

    Member

  • Topic Starter
  • Member
  • 41 posts
Hello BlackOxide, thank you for your help :) and I am glad I'm able to help with your training :)

#4
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
:)

Please save this file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.


In your next reply
Please post the contents of...
Win32kDiag.txt

#5
NorthernLight

    Member

  • Topic Starter
  • Member
  • 41 posts
Here is the log you asked for :)


Running from: C:\Documents and Settings\Owner\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Owner\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB947864\KB947864

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Alabama Smithin Escape from Pompeii\Alabama Smithin Escape from Pompeii

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Ancient Secrets\Ancient Secrets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP118.tmp\ZAP118.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP130.tmp\ZAP130.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1D8.tmp\ZAP1D8.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2B9.tmp\ZAP2B9.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP94.tmp\ZAP94.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Be Rich\Be Rich

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Build a lot 3 Passport to Europe\Build a lot 3 Passport to Europe

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Build-a-lot 2 - Town of the Year\Build-a-lot 2 - Town of the Year

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Carnival Mania\Carnival Mania

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d1\d1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d2\d2

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d3\d3

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d4\d4

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d5\d5

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d6\d6

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d7\d7

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d8\d8

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Farm Craft\Farm Craft

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Farm Frenzy 2\Farm Frenzy 2

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Mae Q West and the Sign of the Stars\Mae Q West and the Sign of the Stars

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Magic Aces\Magic Aces

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Minidump\Minidump

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Miracles\Miracles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Mystery P I The New York Fortune\Mystery P I The New York Fortune

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Pageant Princess\Pageant Princess

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System_OEM\System_OEM

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\RegCure\RegCure

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Satisfashion\Satisfashion

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\security\logs\logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sherlock Holmes - The Mystery of the Persian Carpet\Sherlock Holmes - The Mystery of the Persian Carpet

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Shop-n-Spree\Shop-n-Spree

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\4f34fed83363df83031761e8fceb73ae\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Spa Mania\Spa Mania

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Supermarket Mania\Supermarket Mania

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\dumprep.exe

[1] 2004-08-04 08:56:48 10752 C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe (Microsoft Corporation)

[1] 2008-04-14 01:12:18 10752 C:\WINDOWS\ServicePackFiles\i386\dumprep.exe (Microsoft Corporation)

[1] 2008-04-14 01:12:18 10752 C:\WINDOWS\system32\dllcache\dumprep.exe (Microsoft Corporation)

[1] 2008-04-14 01:12:18 10752 C:\WINDOWS\system32\dumprep.exe ()



Found mount point : C:\WINDOWS\Unwell Mel\Unwell Mel

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Westward III Gold Rush\Westward III Gold Rush

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2

Mount point destination : \Device\__max++>\^



Finished!
  • 0
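An added example, not part of the original thread and not Win32kDiag's own code: a small Python parser for a log in the format posted above. It lists the mount points that resolve to the `\Device\__max++>\^` destination, reports which of them have no matching "Removing mount point" line (such lines appear only in a fix-run log), and, for each "Cannot access" file, lists the other copies that carry a vendor string. The function names and the abridged sample log are constructed for illustration.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Destination string shown for every mount point in the log on this page.
FLAGGED_DEST = r"\Device\__max++>\^"

# Constructed sample: a few lines taken from the logs on this page, abridged,
# with the blank line between entries kept as in the posts.
SAMPLE_LOG = r"""
Running from: C:\Documents and Settings\Owner\Desktop\Win32kDiag.exe

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Minidump\Minidump

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Minidump\Minidump

Cannot access: C:\WINDOWS\system32\dumprep.exe

[1] 2008-04-14 01:12:18 10752 C:\WINDOWS\ServicePackFiles\i386\dumprep.exe (Microsoft Corporation)

[1] 2008-04-14 01:12:18 10752 C:\WINDOWS\system32\dumprep.exe ()

Finished!
"""

MOUNT_RE = re.compile(r"^Found mount point\s*:\s*(.+)$")
DEST_RE = re.compile(r"^Mount point destination\s*:\s*(.+)$")
REMOVE_RE = re.compile(r"^Removing mount point\s*:\s*(.+)$")
NOACCESS_RE = re.compile(r"^Cannot access:\s*(.+)$")
# "[1] <date> <time> <size> <path> (<vendor>)"; the vendor may be empty: "()"
COPY_RE = re.compile(
    r"^\[\d+\]\s+(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+)\s+(.+)\s+\(([^()]*)\)$")


@dataclass
class Report:
    mount_points: dict = field(default_factory=dict)  # path -> destination
    removed: set = field(default_factory=set)         # paths with a "Removing" line
    inaccessible: list = field(default_factory=list)  # "Cannot access" paths
    copies: list = field(default_factory=list)        # (timestamp, size, path, vendor)


def parse(text):
    """Turn the log text into a Report; unrecognised lines are ignored."""
    rep, pending = Report(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # skip the blank lines between entries
        if m := MOUNT_RE.match(line):
            pending = m.group(1)
            rep.mount_points.setdefault(pending, None)
        elif (m := DEST_RE.match(line)) and pending is not None:
            rep.mount_points[pending] = m.group(1)
            pending = None
        elif m := REMOVE_RE.match(line):
            rep.removed.add(m.group(1))
        elif m := NOACCESS_RE.match(line):
            rep.inaccessible.append(m.group(1))
        elif m := COPY_RE.match(line):
            ts, size, path, vendor = m.groups()
            rep.copies.append((ts, int(size), path, vendor))
    return rep


def flagged_mounts(rep):
    """Mount points whose destination is the flagged device string."""
    return sorted(p for p, d in rep.mount_points.items() if d == FLAGGED_DEST)


def self_nested(path):
    """True when the last folder repeats its parent's name (X\\X), as seen in this log."""
    parent = ntpath.basename(ntpath.dirname(path))
    return ntpath.basename(path).lower() == parent.lower()


def unremoved(rep):
    """Mount points that were found but have no 'Removing mount point' line."""
    return sorted(set(rep.mount_points) - rep.removed)


def replacement_candidates(rep):
    """For each inaccessible file, other listed copies that carry a vendor string."""
    out = {}
    for target in rep.inaccessible:
        name = ntpath.basename(target).lower()
        out[target] = [path for _, _, path, vendor in rep.copies
                       if ntpath.basename(path).lower() == name
                       and path.lower() != target.lower() and vendor]
    return out


if __name__ == "__main__":
    report = parse(SAMPLE_LOG)
    print("flagged:", flagged_mounts(report))
    print("not removed:", unremoved(report))
    print("candidates:", replacement_candidates(report))
```

Run against a scan-only log, `unremoved` returns every mount point; run against a fix-run log, an empty list means each one found has a removal line.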

#6
BlackOxide

Hi,

Let's go ahead and run a fix using Win32kDiag, then have OTL remove some items that are present :)

Please do the following steps, in order...


1)
Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

"%userprofile%\desktop\win32kdiag.exe" -f -r



2)
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\wpjsopik.sys -- (tqqfl)
    DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\wqltmme.sys -- (nzmut)
    DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\wujwv.sys -- (mhbteanI)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\djocynwt.sys -- (djocynwt)
    FF - prefs.js..extensions.enabledItems: {25c3c922-4a5c-39ac-8636-4b64ac7b2bdf}:4.6.6.6
    [2010/04/11 18:50:10 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{25c3c922-4a5c-39ac-8636-4b64ac7b2bdf}
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\downloader.exe"=-
    
    :Files
    C:\WINDOWS\system32\dumprep.exe|C:\WINDOWS\ServicePackFiles\i386\dumprep.exe /replace
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.
  • Open OTL again, copy and paste the following into the Custom Scans/Fixes area at the bottom

    /md5start
    dumprep.exe
    /md5stop


  • Then click the Quick Scan button. Post the log it produces in your next reply.



In your next reply
Please post the contents of...
Win32kDiag fix
OTL log


#7
NorthernLight

Here is the OTL scan log and Win32kDiag log. Unfortunately I can't find the log for the OTL fix; would you like me to run it again?

Win32kDiag fix

Running from: C:\Documents and Settings\Owner\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\Owner\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB947864\KB947864

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB947864\KB947864

Found mount point : C:\WINDOWS\Alabama Smithin Escape from Pompeii\Alabama Smithin Escape from Pompeii

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Alabama Smithin Escape from Pompeii\Alabama Smithin Escape from Pompeii

Found mount point : C:\WINDOWS\Ancient Secrets\Ancient Secrets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Ancient Secrets\Ancient Secrets

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP118.tmp\ZAP118.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP118.tmp\ZAP118.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP130.tmp\ZAP130.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP130.tmp\ZAP130.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1D8.tmp\ZAP1D8.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1D8.tmp\ZAP1D8.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2B9.tmp\ZAP2B9.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2B9.tmp\ZAP2B9.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP94.tmp\ZAP94.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP94.tmp\ZAP94.tmp

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\tmp\tmp

Found mount point : C:\WINDOWS\Be Rich\Be Rich

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Be Rich\Be Rich

Found mount point : C:\WINDOWS\Build a lot 3 Passport to Europe\Build a lot 3 Passport to Europe

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Build a lot 3 Passport to Europe\Build a lot 3 Passport to Europe

Found mount point : C:\WINDOWS\Build-a-lot 2 - Town of the Year\Build-a-lot 2 - Town of the Year

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Build-a-lot 2 - Town of the Year\Build-a-lot 2 - Town of the Year

Found mount point : C:\WINDOWS\Carnival Mania\Carnival Mania

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Carnival Mania\Carnival Mania

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Config\Config

Found mount point : C:\WINDOWS\CSC\d1\d1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d1\d1

Found mount point : C:\WINDOWS\CSC\d2\d2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d2\d2

Found mount point : C:\WINDOWS\CSC\d3\d3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d3\d3

Found mount point : C:\WINDOWS\CSC\d4\d4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d4\d4

Found mount point : C:\WINDOWS\CSC\d5\d5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d5\d5

Found mount point : C:\WINDOWS\CSC\d6\d6

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d6\d6

Found mount point : C:\WINDOWS\CSC\d7\d7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d7\d7

Found mount point : C:\WINDOWS\CSC\d8\d8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d8\d8

Found mount point : C:\WINDOWS\Farm Craft\Farm Craft

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Farm Craft\Farm Craft

Found mount point : C:\WINDOWS\Farm Frenzy 2\Farm Frenzy 2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Farm Frenzy 2\Farm Frenzy 2

Found mount point : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ftpcache\ftpcache

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\chsime\applets\applets

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp\applets\applets

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp98\imejp98

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\shared\res\res

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\classes\classes

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\trustlib\trustlib

Found mount point : C:\WINDOWS\Mae Q West and the Sign of the Stars\Mae Q West and the Sign of the Stars

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Mae Q West and the Sign of the Stars\Mae Q West and the Sign of the Stars

Found mount point : C:\WINDOWS\Magic Aces\Magic Aces

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Magic Aces\Magic Aces

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Found mount point : C:\WINDOWS\Minidump\Minidump

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Minidump\Minidump

Found mount point : C:\WINDOWS\Miracles\Miracles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Miracles\Miracles

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo

Found mount point : C:\WINDOWS\Mystery P I The New York Fortune\Mystery P I The New York Fortune

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Mystery P I The New York Fortune\Mystery P I The New York Fortune

Found mount point : C:\WINDOWS\Pageant Princess\Pageant Princess

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Pageant Princess\Pageant Princess

Found mount point : C:\WINDOWS\PCHealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHealth\ERRORREP\QHEADLES\QHEADLES

Found mount point : C:\WINDOWS\PCHealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHealth\ERRORREP\QSIGNOFF\QSIGNOFF

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System_OEM\System_OEM

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\System_OEM\System_OEM

Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp

Found mount point : C:\WINDOWS\RegCure\RegCure

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\RegCure\RegCure

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Found mount point : C:\WINDOWS\Satisfashion\Satisfashion

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Satisfashion\Satisfashion

Found mount point : C:\WINDOWS\security\logs\logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\security\logs\logs

Found mount point : C:\WINDOWS\Sherlock Holmes - The Mystery of the Persian Carpet\Sherlock Holmes - The Mystery of the Persian Carpet

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Sherlock Holmes - The Mystery of the Persian Carpet\Sherlock Holmes - The Mystery of the Persian Carpet

Found mount point : C:\WINDOWS\Shop-n-Spree\Shop-n-Spree

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Shop-n-Spree\Shop-n-Spree

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\4f34fed83363df83031761e8fceb73ae\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\4f34fed83363df83031761e8fceb73ae\backup\backup

Found mount point : C:\WINDOWS\Spa Mania\Spa Mania

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Spa Mania\Spa Mania

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Found mount point : C:\WINDOWS\Supermarket Mania\Supermarket Mania

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Supermarket Mania\Supermarket Mania

Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Cannot access: C:\WINDOWS\system32\dumprep.exe

Attempting to restore permissions of : C:\WINDOWS\system32\dumprep.exe

Found mount point : C:\WINDOWS\Unwell Mel\Unwell Mel

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Unwell Mel\Unwell Mel

Found mount point : C:\WINDOWS\Westward III Gold Rush\Westward III Gold Rush

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Westward III Gold Rush\Westward III Gold Rush

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2



Finished!


OTL Scan

OTL logfile created on: 30/07/2010 19:43:38 - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\Desktop\aarons
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

767.00 Mb Total Physical Memory | 362.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1104 2208 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 41.50 Gb Free Space | 22.28% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESKTOPPC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/24 18:03:52 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/20 04:25:08 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\aarons\OTL.exe
PRC - [2010/06/28 21:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/10/04 11:38:22 | 000,487,424 | ---- | M] () -- C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
PRC - [2005/11/22 16:06:14 | 000,685,048 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe


========== Modules (SafeList) ==========

MOD - [2010/07/20 04:25:08 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\aarons\OTL.exe
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2005/11/22 16:06:16 | 000,043,528 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\wm_hooks.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/11/22 16:06:14 | 000,685,048 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 21:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 21:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 21:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 21:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/06/27 07:19:22 | 000,019,072 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2008/06/27 06:57:48 | 000,323,584 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2008/05/16 15:01:00 | 006,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/13 19:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2006/10/05 18:31:46 | 000,488,960 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - [2006/10/05 18:31:46 | 000,488,960 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(SMC)) 802.11g Wireless USB2.0 Adapter Driver(SMC)
DRV - [2004/12/10 22:30:42 | 001,903,338 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelS51.sys -- (IntelS51) Intel®
DRV - [2004/10/25 13:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2004/09/22 16:44:04 | 000,038,912 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2003/11/13 19:25:26 | 000,391,680 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/07/18 09:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/03/25 17:50:46 | 000,004,096 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\siside.sys -- (SiSide)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7A 3F C5 1E 34 8A CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-GB.start3....en-GB:official"
FF - prefs.js..extensions.enabledItems: [email protected]:1.19
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.24
FF - prefs.js..extensions.enabledItems: search@helper:8.17

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/12/01 15:24:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/24 18:03:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/25 11:03:27 | 000,000,000 | ---D | M]

[2008/07/05 15:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/07/30 15:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6sixzov2.default\extensions
[2010/04/27 21:53:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6sixzov2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/05/28 20:15:26 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6sixzov2.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/05/28 22:00:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6sixzov2.default\extensions\[email protected]
[2009/04/30 22:05:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6sixzov2.default\extensions\[email protected]
[2010/07/12 19:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6sixzov2.default\extensions\SearchHelper
[2009/10/29 15:36:44 | 000,005,317 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6sixzov2.default\searchplugins\footiefox.xml
[2010/07/12 13:08:03 | 000,000,003 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6sixzov2.default\searchplugins\GoogleFeed.xml
[2009/07/25 19:33:24 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6sixzov2.default\searchplugins\live-search.xml
[2010/07/30 19:42:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/11 08:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/01/23 16:36:31 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/23 16:36:31 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/23 16:36:31 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/23 16:36:31 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/07/30 19:32:48 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/23 12:06:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/07/30 19:32:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/30 19:10:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Redemption Cemetery - Curse of the Raven Collector's Edition
[2010/07/30 19:10:31 | 000,000,000 | ---D | C] -- C:\Program Files\Redemption Cemetery - Curse of the Raven Collector's Edition
[2010/07/30 15:20:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Snark Busters Welcome to the Club
[2010/07/30 15:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\Snark Busters Welcome to the Club
[2010/07/29 13:09:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Vast Studios
[2010/07/29 13:08:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Nightfall Mysteries - The Asylum Conspiracy
[2010/07/29 13:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\Nightfall Mysteries - The Asylum Conspiracy
[2010/07/29 10:46:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\MysteriousCaseOfJekyllAndHyde
[2010/07/29 08:53:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2010/07/28 15:39:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\The Mysterious Case of Dr. Jekyll and Mr. Hyde
[2010/07/28 15:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\The Mysterious Case of Dr. Jekyll and Mr. Hyde
[2010/07/24 18:43:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/07/24 18:38:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Enkord
[2010/07/24 18:20:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Totem Tribe Gold
[2010/07/24 18:20:00 | 000,000,000 | ---D | C] -- C:\Program Files\Totem Tribe Gold
[2010/07/24 15:40:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\TheLostKingdomProphecy
[2010/07/24 14:32:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\The Lost Kingdom Prophecy
[2010/07/24 14:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\The Lost Kingdom Prophecy
[2010/07/23 17:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\Jade Rousseau - The Fall of Sant Antonio
[2010/07/23 16:54:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Odian Games
[2010/07/23 16:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\Nemos Secret - The Nautilus
[2010/07/22 13:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\Echoes of the Past - The Castle of Shadows Collectors Edition
[2010/07/22 13:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/07/22 13:12:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/07/22 13:12:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/07/22 13:12:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/07/22 12:12:10 | 000,000,000 | ---D | C] -- C:\Program Files\The Clockwork Man The Hidden World
[2010/07/21 12:36:15 | 000,000,000 | ---D | C] -- C:\Program Files\The Pirates Treasure - An Oliver Hook Mystery
[2010/07/20 17:13:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simajo The Travel Móstery Game
[2010/07/20 17:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\Simajo - The Travel Mystery Game
[2010/07/20 04:14:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\aarons
[2010/07/19 16:29:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Aliasworlds
[2010/07/19 16:28:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\Snowy Treasure Hunter 3
[2010/07/19 16:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\Snowy Treasure Hunter 3
[2010/07/18 18:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\Journalistic Stories
[2010/07/17 11:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Vogat Interactive
[2010/07/17 11:38:56 | 000,000,000 | ---D | C] -- C:\Program Files\Elixir of Immortality
[2010/07/16 17:13:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\GameMill Entertainment
[2010/07/16 17:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\Hidden Mysteries - Vampire Secrets
[2010/07/15 21:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\Classic Adventures The Great Gatsby
[2010/07/12 17:52:20 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2010/07/12 14:13:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\KranX Productions
[2010/07/10 17:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\Time Dreamer
[2010/07/10 16:26:14 | 000,000,000 | ---D | C] -- C:\Program Files\Artifacts of the Past - Ancient Mysteries
[2010/07/07 11:49:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GamePlastic
[2010/07/07 11:41:35 | 000,000,000 | ---D | C] -- C:\Program Files\Laby
[2010/07/06 20:57:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Trail of the Twister
[2010/07/06 20:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\Nancy Drew - Trail of the Twister
[2010/07/06 17:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\Secrets of the Dragon Wheel
[2010/07/06 13:43:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\VendelGAMES
[2010/07/04 20:59:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Finstere Liebschaft
[2010/07/04 20:59:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Finstere Liebschaft
[2010/07/04 20:53:24 | 000,000,000 | ---D | C] -- C:\Program Files\Immortal Lovers
[2010/07/03 19:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\The Fifth Gate
[2010/07/03 18:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mutant Arcade
[2010/07/03 18:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\Skymist The Lost Spirit Stones
[2010/07/02 15:19:48 | 000,000,000 | ---D | C] -- C:\Program Files\Journey of Hope
[2010/07/02 14:30:14 | 000,000,000 | ---D | C] -- C:\Program Files\Escape Whisper Valley
[2010/07/01 17:45:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Madagascar
[2010/07/01 17:43:45 | 000,000,000 | ---D | C] -- C:\Program Files\Farm Frenzy 3 Madagascar
[2010/06/30 19:24:24 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/30 19:09:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\BBB
[2010/06/30 17:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\Romancing the Seven Wonders - Great Pyramids
[2010/06/26 22:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Be a King 2
[2010/06/26 19:59:29 | 000,000,000 | ---D | C] -- C:\Program Files\Be a King 2
[2010/06/26 19:01:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mariaglorum
[2010/06/25 15:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\Vaultcracker The Last Safe
[2010/06/25 09:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\A Gypsy's Tale - The Tower of Secrets
[2010/06/25 09:56:23 | 000,000,000 | ---D | C] -- C:\Program Files\A Gypsy's Tale - The Tower of Secrets
[2010/06/24 19:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\Dream Chronicles - The Book of Air C.E
[2010/06/23 22:44:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\FunnyMiners
[2010/06/23 22:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\Funny Miners
[2010/06/23 13:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Brunhilda_Release
[2010/06/23 13:28:35 | 000,444,952 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010/06/23 13:28:35 | 000,109,080 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2010/06/23 13:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2010/06/23 13:24:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\StoneLoops!
[2010/06/23 13:24:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Saqqarah
[2010/06/23 13:24:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\MagicMatch
[2010/06/23 13:24:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Brunhilda
[2010/06/22 10:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TeleportGamesLtd
[2010/06/22 10:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TeleportGamesLtd
[2010/06/22 10:34:18 | 000,000,000 | ---D | C] -- C:\Program Files\Ancient Adventures - Gift of Zeus
[2010/06/19 11:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\Blood Oath
[2010/06/17 10:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\The Mysterious Past of Gregory Phoenix
[2010/06/17 09:58:31 | 000,000,000 | ---D | C] -- C:\Program Files\Agatha Christie - 450 from Paddington
[2010/06/16 08:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\The Crop Circles Mystery
[2010/06/15 23:06:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Jugilus
[2010/06/15 14:11:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Lights, Camera, Curses
[2010/06/15 13:38:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Nancy Drew Dossier Lights Camera Curses
[2010/06/15 13:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Nancy Drew Dossier Lights Camera Curses
[2010/06/13 18:35:29 | 000,000,000 | ---D | C] -- C:\Program Files\Burger Bustle
[2010/06/13 15:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\Zzed
[2010/06/13 11:02:49 | 000,000,000 | ---D | C] -- C:\Program Files\Midnight Mysteries 2 Salem Witch Trials
[2010/06/08 16:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\Gamenext
[2010/06/08 16:30:26 | 000,000,000 | ---D | C] -- C:\Program Files\AirXonix
[2010/06/08 10:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Brawsome
[2010/06/08 10:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Brawsome
[2010/06/08 10:54:21 | 000,000,000 | ---D | C] -- C:\Program Files\Jolly Rover
[2010/06/05 20:43:46 | 000,000,000 | ---D | C] -- C:\Program Files\Banana Bugs
[2010/06/05 17:14:41 | 000,000,000 | ---D | C] -- C:\Program Files\Explorer - Contraband Mystery
[2010/06/04 20:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mysterious Travel - The Magic Diary
[2010/06/04 12:59:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Paige Harper and the Tome of Mystery
[2010/06/02 00:27:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/05/30 10:11:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Namco
[2010/05/29 20:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Awem
[2010/05/29 19:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\Faded Reality
[2010/05/29 11:26:12 | 000,000,000 | ---D | C] -- C:\Program Files\Paige Harper and the Tome of Mystery
[2010/05/27 17:00:15 | 000,000,000 | ---D | C] -- C:\Program Files\Puppet Show - Souls of the Innocent Collectors Edition
[2010/05/27 14:13:52 | 000,000,000 | ---D | C] -- C:\Program Files\Build a Lot 5 Elizabethan Era
[2010/05/27 11:02:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Floodlight Games
[2010/05/27 11:02:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
[2010/05/27 11:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\Special Enquiry Detail - The Hand that Feeds
[2010/05/23 18:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Cateia Games
[2010/05/22 16:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SevenSails
[2010/05/22 16:23:51 | 000,000,000 | ---D | C] -- C:\Program Files\The Heritage
[2010/05/21 12:57:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\MagicIndie
[2010/05/21 11:48:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BlitPop
[2010/05/20 21:08:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Biozone
[2010/05/20 18:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\PassionFruit Games
[2010/05/20 18:30:28 | 000,000,000 | ---D | C] -- C:\Program Files\Strange Cases - The Lighthouse Mystery Collectors Edition
[2010/05/20 18:22:10 | 000,000,000 | ---D | C] -- C:\Program Files\Tiger Eye Part 1 - Curse Of The Riddle Box
[2010/05/14 19:26:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alawar
[2010/05/14 19:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Buried In Time
[2010/05/14 19:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Buried In Time
[2010/05/11 19:46:09 | 000,000,000 | ---D | C] -- C:\Program Files\bigup16
[2010/05/09 11:32:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\NevoSoft Games
[2010/05/09 11:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\Farm Craft 2
[2010/05/08 22:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\HillStoneAnimationStudios_MBV
[2010/05/05 15:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SquareLogic
[2010/05/04 18:29:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Every Day Genius Square Logic
[2010/05/02 18:07:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Freeze Tag
[2010/05/02 11:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Namco
[2010/05/01 21:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\Eternity

========== Files - Modified Within 90 Days ==========

[2010/07/30 19:48:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{54B5413B-8875-4A1E-927B-94B4B1617DB7}.job
[2010/07/30 19:47:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/30 19:42:23 | 000,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/30 19:41:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/30 19:40:53 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/07/30 19:40:36 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/30 19:40:35 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/07/30 19:40:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/30 19:40:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/30 19:39:28 | 016,515,072 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/07/30 19:32:48 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/07/30 06:37:11 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/07/30 02:06:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/07/30 00:22:24 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Win32kDiag.exe
[2010/07/28 23:57:29 | 001,575,180 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/07/20 18:50:29 | 000,054,272 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/06 20:59:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Twister.INI
[2010/06/30 19:24:25 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/30 19:18:50 | 000,195,368 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/28 21:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 21:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 21:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 21:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 21:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 21:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 21:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/25 19:43:25 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2003.lnk
[2010/06/23 15:09:16 | 000,521,600 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/23 15:09:16 | 000,455,882 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/23 15:09:16 | 000,075,882 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/23 13:30:01 | 000,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010/06/23 13:30:01 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2010/06/15 14:18:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Curses.INI
[2010/06/10 18:20:48 | 000,001,041 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml

========== Files Created - No Company Name ==========

[2010/07/30 00:22:23 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Win32kDiag.exe
[2010/07/06 20:59:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Twister.INI
[2010/06/15 14:18:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Curses.INI
[2010/04/14 08:16:43 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2010/04/14 08:16:43 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2010/04/07 18:27:25 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2010/02/02 19:28:05 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2010/01/22 01:57:03 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2009/11/22 14:16:28 | 000,000,427 | ---- | C] () -- C:\WINDOWS\Buildalot4.ini
[2009/10/06 20:30:34 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009/08/29 14:03:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ResortingToDanger.INI
[2009/08/08 16:13:38 | 000,000,031 | ---- | C] () -- C:\WINDOWS\sav.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/13 14:45:41 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/05/01 15:25:07 | 000,000,616 | ---- | C] () -- C:\WINDOWS\RegGenie.ini
[2009/03/30 19:37:29 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2009/02/19 23:43:47 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/01/18 16:21:36 | 000,001,079 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2008/10/02 12:40:38 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/08/23 19:46:25 | 000,000,231 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/06/18 10:37:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/14 16:35:52 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/06/12 16:09:02 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/06/12 16:09:02 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/06/12 16:09:02 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/06/12 16:09:02 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/06/12 16:09:02 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/06/12 16:09:02 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/06/12 16:09:00 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/06/12 16:08:58 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/06/12 16:08:58 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/06/06 19:13:06 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/05/25 23:40:51 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\swsystem.dll
[2008/05/16 15:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 15:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/16 15:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 15:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/16 15:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/05/15 13:27:02 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/05/10 22:48:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2008/05/01 19:09:49 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/05/01 19:09:46 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/05/01 19:09:46 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/05/01 19:09:45 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/05/01 19:09:45 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/04/29 19:26:51 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2008/04/23 19:51:49 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/04/23 13:28:37 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2008/04/23 13:21:52 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2008/04/23 13:21:24 | 000,127,681 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2008/04/23 13:21:18 | 000,102,622 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2008/04/23 12:11:44 | 000,000,996 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/03/15 22:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\20000Leagues
[2008/12/18 15:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdventureChronicles1
[2010/05/14 19:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar
[2010/02/21 00:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Entertainment
[2010/07/30 15:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2010/06/26 12:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2010/07/19 16:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aliasworlds
[2008/12/21 16:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlwaysNeat
[2010/01/23 18:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/02/10 20:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ApeZone
[2008/12/26 19:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Arkadium
[2009/11/24 02:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artist Colony
[2009/07/27 14:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2008/05/16 16:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astar Games
[2009/10/19 00:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Awem
[2010/02/01 13:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BanzaiInteractive
[2009/09/13 17:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Becky Brogan
[2009/02/21 22:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games Vancouver
[2009/11/07 19:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
[2010/05/21 11:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BlitPop
[2009/09/21 00:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brainiversity2
[2010/03/12 18:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Braintonik
[2010/06/08 10:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brawsome
[2010/05/14 19:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Buried In Time
[2010/05/23 18:41:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cateia Games
[2009/12/02 13:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Curious Sense
[2010/04/29 15:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Deadtime Stories
[2008/06/06 15:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DigitalChocolate
[2009/02/15 13:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DivoGames
[2009/01/06 12:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eGames
[2010/07/24 18:38:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Enkord
[2009/11/18 15:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum2
[2008/04/23 15:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/07/19 08:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Far Mills
[2009/01/12 13:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty
[2008/08/27 10:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
[2009/08/12 18:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2010/03/10 18:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Arctica
[2010/07/02 11:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Madagascar
[2010/04/17 09:54:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Russia
[2010/01/08 15:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fenomen Games
[2010/07/04 20:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Finstere Liebschaft
[2008/06/28 13:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fitn17
[2010/02/19 18:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2010/06/17 09:59:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
[2010/04/29 16:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2008/10/27 10:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2009/01/06 13:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2010/02/03 14:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameMill
[2010/07/07 11:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GamePlastic
[2009/11/26 16:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamers Digital
[2009/06/09 17:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GAMESHASTRA
[2009/07/24 21:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
[2010/06/26 09:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2008/11/20 14:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii Games
[2009/02/05 21:04:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gold Casual Games
[2008/04/30 15:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
[2009/09/01 12:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HideAndSecret3
[2010/05/27 14:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2010/01/22 02:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/02/01 16:07:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HoverBee Studios
[2010/03/30 13:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\incredible express
[2010/05/13 14:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2008/12/19 15:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterAction studios
[2009/08/06 17:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
[2009/08/06 17:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2010/02/03 14:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2010/06/15 23:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Jugilus
[2010/03/18 21:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kingdom
[2009/07/15 15:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Little Games Company
[2009/12/21 15:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2009/02/10 20:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mandragora
[2009/05/29 19:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mean Hamster
[2010/06/19 11:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2010/01/26 13:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Million
[2010/06/13 11:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/09/14 23:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MysteryChronicles
[2009/04/09 16:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2010/05/30 10:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Namco
[2008/12/01 17:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeptunesAdve
[2010/02/09 13:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nevosoft
[2008/11/29 11:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NevoSoft Games
[2009/01/23 15:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nick Chase A Detective Story
[2009/06/13 15:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/07/19 08:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Particles
[2008/09/10 10:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PBGsavesDirectory
[2010/07/03 19:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008/12/17 13:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayPond
[2010/04/02 12:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2010/01/07 13:41:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
[2009/08/21 17:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Princess Isabella
[2010/02/22 12:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QB9
[2009/12/08 21:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2010/07/20 17:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simajo The Travel Móstery Game
[2009/05/18 14:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Slapdash Games
[2009/09/26 00:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SOS
[2009/01/13 14:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sowhat
[2008/06/05 11:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2010/06/13 21:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
[2009/08/17 00:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperRanch
[2010/06/22 10:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TeleportGamesLtd
[2010/07/30 14:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/07 17:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Game Equation
[2010/02/10 12:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Inquisitor
[2009/12/28 00:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Mirror Mysteries
[2008/08/05 14:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheRace_dev
[2010/03/28 19:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Top Evidence
[2009/01/17 16:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2008/06/10 22:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualFarm
[2009/07/11 14:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar
[2009/07/11 14:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar Experience Image Manager
[2009/05/18 09:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XLab
[2010/03/15 22:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\20000Leagues
[2009/04/27 13:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\3 Days Zoo Mystery
[2010/06/26 11:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\A Gypsy's Tale - The Tower of Secrets
[2009/02/21 04:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Acreon
[2009/07/14 15:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aisle 5 Games, Inc
[2010/05/14 19:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Alawar
[2010/02/21 00:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Alawar Entertainment
[2009/01/24 09:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AlterLab
[2008/08/01 07:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amaranth Games
[2008/08/11 20:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ancient Quest of Saqqarah__reflexive
[2008/12/04 21:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Archibald's Adventures
[2010/02/03 15:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Artifex Mundi
[2010/03/29 12:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Artogon
[2009/07/27 14:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ashampoo
[2010/05/29 20:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Awem
[2009/04/21 20:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azuaz Games
[2010/03/05 17:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AzuazGames
[2010/02/01 13:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BanzaiInteractive
[2010/06/30 19:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BBB
[2010/06/30 12:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Be a King 2
[2008/09/04 09:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BeachPartyCraze
[2010/06/16 09:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Big Fish Games
[2010/05/20 21:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Biozone
[2009/11/07 19:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\blg
[2010/04/23 00:43:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Boolat Games
[2010/05/29 19:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Boomzap
[2010/03/12 18:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Braintonik
[2009/03/02 19:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BrandX Games
[2010/06/08 10:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Brawsome
[2009/12/22 16:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BrokenHearts
[2010/06/23 13:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Brunhilda
[2010/06/23 13:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Brunhilda_Release
[2009/10/07 17:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\casanova
[2009/11/24 01:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Cat's Eye Games
[2008/12/19 20:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CatmoonGames
[2008/06/09 13:54:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\cerasus
[2009/08/11 12:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\cerasus.media
[2009/12/06 16:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ChaYoWo Games
[2009/01/30 16:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Coyotes Tale
[2009/12/02 13:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Curious Sense
[2010/03/14 13:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DarkParablesBriarRose_BFG
[2010/01/09 16:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dragon Altar Games
[2009/11/11 17:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EcoRescue
[2009/01/06 12:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\eGames
[2009/07/31 14:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EleFun Games
[2009/11/03 17:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElementalsTheMagicKey
[2009/10/09 15:33:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Enki Games
[2009/06/26 15:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Enlightenus
[2010/06/04 20:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ERS G-Studio
[2009/01/09 16:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Fabulous Finds
[2008/07/13 11:35:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FarmerJane
[2010/07/04 20:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Finstere Liebschaft
[2008/11/25 13:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FirstColony
[2010/02/19 18:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Flood Light Games
[2010/06/17 09:59:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Floodlight Games
[2010/04/17 06:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FlyWheelGames
[2008/09/26 13:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ForgottenRiddles2
[2010/05/02 18:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Freeze Tag
[2010/03/18 11:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Freezetag
[2010/04/29 16:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\freshgames
[2008/12/19 23:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Friday's games
[2010/02/23 12:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Frogwares
[2010/04/29 16:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Fugazo
[2010/03/12 18:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\G-HeadGames
[2008/05/17 14:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gaijin Ent
[2009/12/14 17:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Game Mill Entertainment
[2010/03/15 18:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GameInvest
[2008/11/14 10:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gamelab
[2010/02/03 14:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GameMill
[2010/07/16 17:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GameMill Entertainment
[2009/11/26 16:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gamers Digital
[2009/07/12 15:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Games
[2008/06/04 09:10:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GamesCafe
[2009/06/09 17:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GAMESHASTRA
[2010/02/01 21:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gestalt Games
[2008/08/15 19:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Go-Go Gourmet Chef of the Year
[2008/11/20 14:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gogii Games
[2010/07/21 12:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gold Casual Games
[2009/10/25 13:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GTM_Bodie
[2010/02/28 19:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HdO Adventure
[2010/05/08 22:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HillStoneAnimationStudios_MBV
[2009/04/18 20:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HiT-MM
[2009/08/24 15:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HSA
[2009/12/11 16:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iMaxGen
[2008/12/28 20:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IOMediaSupport6SZZ001s
[2009/05/24 16:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IronCode
[2009/01/27 16:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Island
[2008/05/29 17:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ITTNord
[2009/08/06 17:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iWin
[2008/08/23 10:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Jane s Realty hitzwarez net
[2010/03/20 18:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Jetdogs Studios
[2009/01/28 17:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Jetsetter
[2010/04/11 18:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\JoyBits
[2009/10/15 09:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\KlickTock
[2010/07/12 14:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\KranX Productions
[2010/05/02 10:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lazy Turtle Games
[2010/02/15 13:17:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LegacyInteractive
[2009/10/10 15:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
[2009/07/15 15:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Little Games Company
[2010/04/10 13:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Little Noir Stories
[2008/05/02 11:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LTOA
[2009/12/21 15:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ludia
[2009/08/20 20:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MA
[2009/10/03 11:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Magic Academy 2
[2008/05/17 14:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Magic Seeds
[2010/04/03 19:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Magic3
[2010/05/21 12:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MagicIndie
[2010/06/23 13:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MagicMatch
[2010/06/26 19:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mariaglorum
[2009/12/05 17:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MastersOfMystery2
[2009/05/29 19:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mean Hamster
[2010/03/05 18:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MemoryClinic
[2010/02/24 10:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Meridian93
[2010/06/19 11:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Merscom
[2009/10/21 13:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MissTeriTale3
[2010/07/03 18:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mutant Arcade
[2008/05/13 21:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\My Games
[2010/07/29 10:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MysteriousCaseOfJekyllAndHyde
[2009/11/18 11:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MysteryStudio
[2010/05/30 10:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Namco
[2010/03/14 20:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nevosoft
[2010/05/09 11:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NevoSoft Games
[2010/07/23 16:54:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Odian Games
[2010/07/22 13:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Orneon
[2009/12/15 17:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OtherSide Realm of Eons
[2010/06/05 10:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Paige Harper and the Tome of Mystery
[2009/02/17 15:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\panoramik
[2009/10/13 10:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ph03nixNewMedia
[2010/07/03 19:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PlayFirst
[2009/10/02 17:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Playrix Entertainment
[2010/01/07 13:41:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PoBros
[2008/12/10 15:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Pogo Games
[2008/05/16 19:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Purple Patch Games
[2010/02/22 12:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\QB9
[2009/06/29 14:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Quirky Games
[2008/08/23 11:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Righteous Kill
[2009/01/25 21:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RobinsonCrusoe
[2010/06/23 13:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Saqqarah
[2010/04/06 16:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Scholastic
[2008/10/24 09:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SecretIslandEng
[2008/12/18 16:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SerpentOfIsis
[2010/04/04 12:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Settlement. Colossus
[2010/05/22 16:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SevenSails
[2008/12/02 18:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Shape games
[2009/08/02 16:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\she_is_a_shadow
[2010/03/04 19:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ShinyTales
[2010/07/06 21:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Silverback Productions
[2010/06/10 10:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skunk Studios
[2010/03/30 17:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Specialbit
[2008/12/28 20:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Spinapse
[2010/05/19 10:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SpinTop Games
[2009/08/08 15:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SprillRichiEng
[2010/05/05 15:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SquareLogic
[2010/06/23 13:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\StoneLoops!
[2008/05/10 15:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sudden Games
[2008/05/16 16:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SultanofPersia
[2010/05/20 18:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SulusGames
[2009/01/06 02:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Suspects and Clues Players
[2008/12/28 20:34:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Suspects and Clues Prefs
[2010/06/22 10:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TeleportGamesLtd
[2010/02/10 12:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\The Inquisitor
[2010/01/15 13:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TheFixerUpper
[2010/07/10 17:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TikisLab
[2009/11/02 15:42:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TitanicMystery
[2008/08/25 17:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TMInc
[2010/03/28 19:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Top Evidence
[2010/07/23 14:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Total Eclipse
[2010/02/18 13:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TripleHippo
[2009/05/02 20:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Twintale Entertainment
[2009/04/06 20:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ubisoft
[2008/04/28 17:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2009/11/10 17:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\URSE Games
[2010/07/30 15:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2010/03/18 19:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\V-Games
[2009/01/17 16:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Valusoft
[2009/09/13 17:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VampireSaga
[2010/07/29 13:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vast Studios
[2010/07/06 13:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VendelGAMES
[2009/02/06 02:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ViquaSoft
[2009/12/28 01:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Virtual Prophecy
[2010/07/17 11:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vogat Interactive
[2010/06/10 18:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
[2008/04/28 14:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Wildfire
[2009/05/29 01:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2009/06/14 18:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search
[2009/06/14 19:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinPatrol
[2010/05/05 15:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\YoudaGames
[2010/07/30 02:06:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/07/30 19:40:35 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2010/07/30 19:48:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{54B5413B-8875-4A1E-927B-94B4B1617DB7}.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: DUMPREP.EXE >
[2004/08/04 08:56:48 | 000,010,752 | ---- | M] (Microsoft Corporation) MD5=13922EB54890C77005268882629A31FE -- C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe
[2008/04/14 01:12:18 | 000,010,752 | ---- | M] (Microsoft Corporation) MD5=8E16BF5600797E678EA97051CF93E6BF -- C:\WINDOWS\ServicePackFiles\i386\dumprep.exe
[2008/04/14 01:12:18 | 000,010,752 | ---- | M] (Microsoft Corporation) MD5=8E16BF5600797E678EA97051CF93E6BF -- C:\WINDOWS\system32\dllcache\dumprep.exe
[2008/04/14 01:12:18 | 000,010,752 | ---- | M] (Microsoft Corporation) MD5=8E16BF5600797E678EA97051CF93E6BF -- C:\WINDOWS\system32\dumprep.exe

========== Alternate Data Streams ==========

< End of report >



#8
BlackOxide


    Trusted Helper

  • Malware Removal
  • 1,976 posts

Here is the OTL scan log and Win32kDiag log. Unfortunately I can't find the log for the OTL fix; would you like me to run it again?

Nope, what you did is fine, thanks.


Can you tell me if the redirects to GSearch are still happening?

#9
NorthernLight


    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Just tested it, and it appears I am still getting redirected to landing.savetubevideo.com

#10
BlackOxide


    Trusted Helper

  • Malware Removal
  • 1,976 posts
Ok, please do the following :)

Download ComboFix from one of these locations:

Link 1
Link 2


IMPORTANT !!! You need to Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you are still unsure on how to do this, see here
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click Yes, to continue scanning for malware. Please be patient and don't use the PC whilst it is scanning.

When finished, it shall produce a log for you. Please copy & paste the contents of this log (also found at C:\ComboFix.txt) in your next reply.



In your next reply
Please post the contents of...
ComboFix.txt
#11
NorthernLight


    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Here is the ComboFix log

ComboFix 10-07-30.01 - Owner 30/07/2010 22:33:46.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.767.332 [GMT 1:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\inst.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-30 )))))))))))))))))))))))))))))))
.

2010-07-30 18:32 . 2010-07-30 18:32 -------- d-----w- C:\_OTL
2010-07-30 18:10 . 2010-07-30 18:25 -------- d-----w- c:\program files\Redemption Cemetery - Curse of the Raven Collector's Edition
2010-07-30 18:10 . 2010-07-30 18:10 -------- d-----w- c:\windows\Redemption Cemetery - Curse of the Raven Collector's Edition
2010-07-30 14:20 . 2010-07-30 14:21 -------- d-----w- c:\program files\Snark Busters Welcome to the Club
2010-07-30 14:20 . 2010-07-30 14:20 -------- d-----w- c:\windows\Snark Busters Welcome to the Club
2010-07-29 12:09 . 2010-07-29 12:09 -------- d-----w- c:\documents and settings\Owner\Application Data\Vast Studios
2010-07-29 12:08 . 2010-07-29 12:08 -------- d-----w- c:\program files\Nightfall Mysteries - The Asylum Conspiracy
2010-07-29 12:08 . 2010-07-29 12:08 -------- d-----w- c:\windows\Nightfall Mysteries - The Asylum Conspiracy
2010-07-29 09:46 . 2010-07-29 09:46 -------- d-----w- c:\documents and settings\Owner\Application Data\MysteriousCaseOfJekyllAndHyde
2010-07-29 07:53 . 2010-07-29 07:54 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2010-07-28 14:39 . 2010-07-28 14:45 -------- d-----w- c:\program files\The Mysterious Case of Dr. Jekyll and Mr. Hyde
2010-07-28 14:39 . 2010-07-28 14:39 -------- d-----w- c:\windows\The Mysterious Case of Dr. Jekyll and Mr. Hyde
2010-07-24 17:38 . 2010-07-24 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Enkord
2010-07-24 17:20 . 2010-07-24 17:20 -------- d-----w- c:\windows\Totem Tribe Gold
2010-07-24 17:20 . 2010-07-24 17:20 -------- d-----w- c:\program files\Totem Tribe Gold
2010-07-24 14:40 . 2010-07-24 22:14 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\TheLostKingdomProphecy
2010-07-24 13:32 . 2010-07-24 13:32 -------- d-----w- c:\program files\The Lost Kingdom Prophecy
2010-07-24 13:32 . 2010-07-24 13:32 -------- d-----w- c:\windows\The Lost Kingdom Prophecy
2010-07-23 16:09 . 2010-07-23 16:48 -------- d-----w- c:\program files\Jade Rousseau - The Fall of Sant Antonio
2010-07-23 15:54 . 2010-07-23 15:54 -------- d-----w- c:\documents and settings\Owner\Application Data\Odian Games
2010-07-23 15:25 . 2010-07-23 15:47 -------- d-----w- c:\program files\Nemos Secret - The Nautilus
2010-07-22 12:39 . 2010-07-22 12:41 -------- d-----w- c:\program files\Echoes of the Past - The Castle of Shadows Collectors Edition
2010-07-22 12:17 . 2010-07-24 14:55 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-22 12:12 . 2010-07-24 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-22 12:12 . 2010-07-22 12:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-07-22 12:12 . 2010-07-22 12:12 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-07-22 11:12 . 2010-07-22 11:15 -------- d-----w- c:\program files\The Clockwork Man The Hidden World
2010-07-22 08:54 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-07-21 11:36 . 2010-07-21 11:46 -------- d-----w- c:\program files\The Pirates Treasure - An Oliver Hook Mystery
2010-07-20 16:13 . 2010-07-20 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Simajo The Travel Móstery Game
2010-07-20 16:05 . 2010-07-20 16:12 -------- d-----w- c:\program files\Simajo - The Travel Mystery Game
2010-07-19 15:29 . 2010-07-19 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Aliasworlds
2010-07-19 15:28 . 2010-07-19 15:28 -------- d-----w- c:\program files\Snowy Treasure Hunter 3
2010-07-19 15:28 . 2010-07-19 15:28 -------- d-----w- c:\windows\Snowy Treasure Hunter 3
2010-07-18 17:37 . 2010-07-18 17:40 -------- d-----w- c:\program files\Journalistic Stories
2010-07-17 10:41 . 2010-07-17 10:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Vogat Interactive
2010-07-17 10:38 . 2010-07-17 10:39 -------- d-----w- c:\program files\Elixir of Immortality
2010-07-16 16:13 . 2010-07-16 16:13 -------- d-----w- c:\documents and settings\Owner\Application Data\GameMill Entertainment
2010-07-16 16:11 . 2010-07-16 16:12 -------- d-----w- c:\program files\Hidden Mysteries - Vampire Secrets
2010-07-15 20:02 . 2010-07-15 20:02 -------- d-----w- c:\program files\Classic Adventures The Great Gatsby
2010-07-12 16:52 . 2010-07-12 16:52 -------- d-----w- c:\program files\Recuva
2010-07-12 13:13 . 2010-07-12 13:13 -------- d-----w- c:\documents and settings\Owner\Application Data\KranX Productions
2010-07-11 18:25 . 2010-07-11 18:25 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater
2010-07-10 16:15 . 2010-07-10 16:16 -------- d-----w- c:\program files\Time Dreamer
2010-07-10 15:26 . 2010-07-10 15:27 -------- d-----w- c:\program files\Artifacts of the Past - Ancient Mysteries
2010-07-07 10:49 . 2010-07-07 10:49 -------- d-----w- c:\documents and settings\All Users\Application Data\GamePlastic
2010-07-07 10:41 . 2010-07-07 10:42 -------- d-----w- c:\program files\Laby
2010-07-06 19:47 . 2010-07-06 19:51 -------- d-----w- c:\program files\Nancy Drew - Trail of the Twister
2010-07-06 16:47 . 2010-07-06 16:53 -------- d-----w- c:\program files\Secrets of the Dragon Wheel
2010-07-06 12:43 . 2010-07-06 12:43 -------- d-----w- c:\documents and settings\Owner\Application Data\VendelGAMES
2010-07-04 19:59 . 2010-07-04 19:59 -------- d-----w- c:\documents and settings\Owner\Application Data\Finstere Liebschaft
2010-07-04 19:59 . 2010-07-04 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Finstere Liebschaft
2010-07-04 19:53 . 2010-07-04 19:53 -------- d-----w- c:\program files\Immortal Lovers
2010-07-03 18:23 . 2010-07-03 18:23 -------- d-----w- c:\program files\The Fifth Gate
2010-07-03 17:54 . 2010-07-03 17:54 -------- d-----w- c:\documents and settings\Owner\Application Data\Mutant Arcade
2010-07-03 17:52 . 2010-07-03 17:53 -------- d-----w- c:\program files\Skymist The Lost Spirit Stones
2010-07-02 14:19 . 2010-07-02 14:19 -------- d-----w- c:\program files\Journey of Hope
2010-07-02 13:30 . 2010-07-02 13:30 -------- d-----w- c:\program files\Escape Whisper Valley
2010-07-01 16:45 . 2010-07-02 10:29 -------- d-----w- c:\documents and settings\All Users\Application Data\FarmFrenzy3_Madagascar
2010-07-01 16:43 . 2010-07-01 16:44 -------- d-----w- c:\program files\Farm Frenzy 3 Madagascar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-30 14:40 . 2008-11-08 12:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Alawar Stargaze
2010-07-30 14:19 . 2009-11-15 23:00 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2010-07-30 13:14 . 2008-05-16 15:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-30 11:18 . 2008-10-03 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-07-25 10:03 . 2009-05-28 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-23 13:58 . 2009-03-20 13:38 -------- d-----w- c:\documents and settings\Owner\Application Data\Total Eclipse
2010-07-22 16:03 . 2010-06-01 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-07-22 16:01 . 2010-06-08 15:59 -------- d-----w- c:\program files\Gamenext
2010-07-22 12:42 . 2009-11-27 15:33 -------- d-----w- c:\documents and settings\Owner\Application Data\Orneon
2010-07-21 14:10 . 2008-07-05 13:26 -------- d-----w- c:\program files\Trend Micro
2010-07-21 11:49 . 2008-11-24 19:49 -------- d-----w- c:\documents and settings\Owner\Application Data\Gold Casual Games
2010-07-19 07:47 . 2010-03-30 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Particles
2010-07-19 07:46 . 2009-03-29 15:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Far Mills
2010-07-12 19:40 . 2008-07-05 13:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-12 17:57 . 2009-09-20 17:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-10 16:17 . 2009-09-20 23:32 -------- d-----w- c:\documents and settings\Owner\Application Data\TikisLab
2010-07-06 20:01 . 2010-02-19 17:02 -------- d-----w- c:\documents and settings\Owner\Application Data\Silverback Productions
2010-07-04 19:31 . 2008-10-17 11:01 -------- d-----w- c:\program files\Games
2010-07-03 18:24 . 2008-05-06 17:54 -------- d-----w- c:\documents and settings\Owner\Application Data\PlayFirst
2010-07-03 18:24 . 2008-05-06 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2010-07-02 21:49 . 2009-07-30 18:53 -------- d-----w- c:\program files\SpywareBlaster
2010-07-01 13:29 . 2010-04-29 15:17 -------- d-----w- c:\program files\Fiction Fixers Adventures in Wonderland Premium Edition
2010-06-30 18:09 . 2010-06-30 18:09 -------- d-----w- c:\documents and settings\Owner\Application Data\BBB
2010-06-30 16:12 . 2010-06-30 16:12 -------- d-----w- c:\program files\Romancing the Seven Wonders - Great Pyramids
2010-06-30 11:15 . 2010-06-26 21:33 -------- d-----w- c:\documents and settings\Owner\Application Data\Be a King 2
2010-06-30 08:15 . 2010-05-20 17:30 -------- d-----w- c:\program files\Strange Cases - The Lighthouse Mystery Collectors Edition
2010-06-28 20:57 . 2010-06-30 18:24 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2010-02-15 23:50 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-02-15 23:50 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-02-15 23:50 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-02-15 23:50 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-02-15 23:50 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-02-15 23:50 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-02-15 23:50 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-02-15 23:50 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-27 10:06 . 2010-06-25 14:08 -------- d-----w- c:\program files\Vaultcracker The Last Safe
2010-06-26 18:59 . 2010-06-26 18:59 -------- d-----w- c:\program files\Be a King 2
2010-06-26 18:01 . 2010-06-26 18:01 -------- d-----w- c:\documents and settings\Owner\Application Data\Mariaglorum
2010-06-26 11:09 . 2009-08-12 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2010-06-26 10:47 . 2010-06-25 08:57 -------- d-----w- c:\documents and settings\Owner\Application Data\A Gypsy's Tale - The Tower of Secrets
2010-06-26 08:17 . 2008-04-26 14:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Gogii
2010-06-25 08:56 . 2010-06-25 08:56 -------- d-----w- c:\program files\A Gypsy's Tale - The Tower of Secrets
2010-06-24 18:20 . 2010-06-24 18:19 -------- d-----w- c:\program files\Dream Chronicles - The Book of Air C.E
2010-06-23 21:44 . 2010-06-23 21:42 -------- d-----w- c:\program files\Funny Miners
2010-06-23 16:42 . 2010-06-22 09:34 -------- d-----w- c:\program files\Ancient Adventures - Gift of Zeus
2010-06-23 12:50 . 2010-06-23 12:30 -------- d-----w- c:\documents and settings\Owner\Application Data\Brunhilda_Release
2010-06-23 12:30 . 2010-06-23 12:28 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-06-23 12:30 . 2010-06-23 12:28 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-06-23 12:28 . 2010-06-23 12:28 -------- d-----w- c:\program files\OpenAL
2010-06-23 12:24 . 2010-06-23 12:24 -------- d-----w- c:\documents and settings\Owner\Application Data\StoneLoops!
2010-06-23 12:24 . 2010-06-23 12:24 -------- d-----w- c:\documents and settings\Owner\Application Data\Saqqarah
2010-06-23 12:24 . 2010-06-23 12:24 -------- d-----w- c:\documents and settings\Owner\Application Data\MagicMatch
2010-06-23 12:24 . 2010-06-23 12:24 -------- d-----w- c:\documents and settings\Owner\Application Data\Brunhilda
2010-06-22 09:36 . 2010-06-22 09:36 -------- d-----w- c:\documents and settings\Owner\Application Data\TeleportGamesLtd
2010-06-22 09:36 . 2010-06-22 09:36 -------- d-----w- c:\documents and settings\All Users\Application Data\TeleportGamesLtd
2010-06-19 10:35 . 2009-09-17 15:45 -------- d-----w- c:\documents and settings\Owner\Application Data\Merscom
2010-06-19 10:35 . 2009-09-17 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Merscom
2010-06-19 10:10 . 2010-06-19 10:09 -------- d-----w- c:\program files\Blood Oath
2010-06-17 08:59 . 2010-05-27 10:02 -------- d-----w- c:\documents and settings\Owner\Application Data\Floodlight Games
2010-06-17 08:59 . 2010-05-27 10:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Floodlight Games
2010-06-17 08:58 . 2010-06-17 08:58 -------- d-----w- c:\program files\Agatha Christie - 450 from Paddington
2010-06-16 08:16 . 2008-08-29 10:08 -------- d-----w- c:\documents and settings\Owner\Application Data\Big Fish Games
2010-06-16 08:04 . 2010-06-16 07:58 -------- d-----w- c:\program files\The Crop Circles Mystery
2010-06-15 22:06 . 2010-06-15 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Jugilus
2010-06-15 12:39 . 2010-06-15 12:38 -------- d-----w- c:\program files\Nancy Drew Dossier Lights Camera Curses
2010-06-14 14:31 . 2008-04-23 11:04 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-13 20:42 . 2009-08-08 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SulusGames
2010-06-13 17:35 . 2010-06-13 17:35 -------- d-----w- c:\program files\Burger Bustle
2010-06-13 14:11 . 2010-06-13 14:11 -------- d-----w- c:\program files\Zzed
2010-06-13 10:05 . 2008-06-14 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo
2010-06-13 10:03 . 2010-06-13 10:02 -------- d-----w- c:\program files\Midnight Mysteries 2 Salem Witch Trials
2010-06-10 17:20 . 2010-02-19 17:54 -------- d-----w- c:\documents and settings\Owner\Application Data\Vso
2010-06-10 09:38 . 2009-04-12 13:01 -------- d-----w- c:\documents and settings\Owner\Application Data\Skunk Studios
2010-06-09 22:37 . 2008-05-01 18:12 -------- d-----w- c:\documents and settings\Owner\Application Data\DivX
2010-06-08 15:35 . 2010-06-08 15:30 -------- d-----w- c:\program files\AirXonix
2010-06-08 09:56 . 2010-06-08 09:56 -------- d-----w- c:\documents and settings\Owner\Application Data\Brawsome
2010-06-08 09:56 . 2010-06-08 09:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Brawsome
2010-06-08 09:54 . 2010-06-08 09:54 -------- d-----w- c:\program files\Jolly Rover
2010-06-05 19:45 . 2010-06-05 19:43 -------- d-----w- c:\program files\Banana Bugs
2010-06-05 16:15 . 2010-06-05 16:14 -------- d-----w- c:\program files\Explorer - Contraband Mystery
2010-06-05 09:22 . 2010-06-04 11:59 -------- d-----w- c:\documents and settings\Owner\Application Data\Paige Harper and the Tome of Mystery
2010-06-05 09:03 . 2008-06-16 15:47 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-04 19:54 . 2009-09-12 10:41 -------- d-----w- c:\documents and settings\Owner\Application Data\ERS G-Studio
2010-06-04 19:54 . 2010-06-04 19:52 -------- d-----w- c:\program files\Mysterious Travel - The Magic Diary
2010-06-02 03:55 . 2010-07-24 14:30 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 03:55 . 2010-07-24 14:30 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 03:55 . 2010-07-24 14:30 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-26 10:41 . 2010-07-24 14:30 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 10:41 . 2010-07-24 14:30 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 10:41 . 2010-07-24 14:30 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-26 10:41 . 2010-07-24 14:30 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 10:41 . 2010-07-24 14:30 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-05-21 13:14 . 2009-10-03 10:39 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-06 10:41 . 2006-06-23 10:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2003-03-31 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2008-08-04 09:39 . 2008-08-04 09:39 0 ----a-w- c:\program files\temp01
2009-06-13 20:58 . 2009-06-13 13:53 1370912 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-13 20:58 . 2009-06-13 13:53 27424 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ZDWLan Utility.lnk - c:\program files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2010-4-14 487424]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 14:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-16 14:01 13529088 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-16 14:01 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-16 14:01 1630208 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
2002-07-12 17:15 106496 ----a-w- c:\windows\SiSUSBrg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 14:28 577536 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-06-14 15:31 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 18:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:RealVNC
"5900:UDP"= 5900:UDP:RealVNC
"14229:TCP"= 14229:TCP:BitComet 14229 TCP
"14229:UDP"= 14229:UDP:BitComet 14229 UDP

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [23/01/2010 18:50 28552]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16/02/2010 00:50 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16/02/2010 00:50 17744]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24/12/2009 19:22 135664]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
S3 ZD1211BU(SMC);802.11g Wireless USB2.0 Adapter Driver(SMC);c:\windows\system32\drivers\ZD1211BU.sys [14/04/2010 08:16 488960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-07-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-03 20:41]

2010-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 18:22]

2010-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 18:22]

2010-07-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2010-07-30 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 15:07]

2010-07-30 c:\windows\Tasks\User_Feed_Synchronization-{54B5413B-8875-4A1E-927B-94B4B1617DB7}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\6sixzov2.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - prefs.js: keyword.URL - hxxp://www.veerboo.com/results.php?q=
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\6sixzov2.default\extensions\[email protected]\plugins\npDyyno.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-30 22:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,e3,64,c4,d0,9f,c1,4b,a6,0c,b6,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,e3,64,c4,d0,9f,c1,4b,a6,0c,b6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,e3,64,c4,d0,9f,c1,4b,a6,0c,b6,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2916)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
.
**************************************************************************
.
Completion time: 2010-07-30 22:53:16 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-30 21:53

Pre-Run: 44,417,335,296 bytes free
Post-Run: 44,214,349,824 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 19FEB51F8064A61DC471F8BC519F144F


  • 0

#12
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Thanks for posting the log. I believe I may have found some items that are causing you problems. Please do the steps below and let me know if the problem still remains after doing these steps :)


1)
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..extensions.enabledItems: search@helper:8.17
    [2010/07/12 19:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6sixzov2.default\extensions\SearchHelper
    FF - prefs.js..keyword.URL: "http://www.veerboo.com/results.php?q="
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.



2)
Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



3)
How is the PC running now, can you tell me if the redirects are still happening?



In your next reply
Please post the contents of...
OTL log
MBAM log
Update on the redirects

  • 0
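The two prefs.js entries that the OTL fix in the post above removes (the keyword.URL override and the search@helper item in extensions.enabledItems) can also be checked for directly in a Firefox profile. The following is an added example, not part of the original thread and not OTL's own code; the sample prefs.js text, the trusted-host list and the known-extension list are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in prefs.js syntax. The keyword.URL value and the
# search@helper:8.17 item are the entries named in the OTL fix; the theme
# version "1.0" is a made-up value for illustration.
SAMPLE_PREFS = r'''
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official");
user_pref("extensions.enabledItems", "search@helper:8.17,{972ce4c6-7e08-4474-a285-3208198ce6fd}:1.0");
user_pref("keyword.URL", "http://www.veerboo.com/results.php?q=");
user_pref("network.proxy.type", 5);
'''

# Assumptions for this example: hosts and extension IDs the owner expects.
TRUSTED_HOSTS = {"google.com", "mozilla.com"}
KNOWN_EXTENSIONS = {"{972ce4c6-7e08-4474-a285-3208198ce6fd}"}

# URL-valued preferences that decide where searches and the start page go.
URL_PREFS = ("browser.startup.homepage", "keyword.URL")

PREF_LINE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)+)"\s*,\s*(.*?)\s*\)\s*;\s*$')


def parse_prefs(text):
    """Return {name: value} for every user_pref(...) line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue  # comments and blank lines
        name, raw = m.group(1), m.group(2)
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            value = re.sub(r'\\(.)', r'\1', raw[1:-1])  # undo \" and \\
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw
        prefs[name] = value
    return prefs


def host_trusted(host, trusted):
    """True if host is a trusted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in trusted)


def audit(prefs, trusted_hosts, known_extensions):
    """List (pref name, offending host or extension ID) pairs."""
    findings = []
    for name in URL_PREFS:
        value = prefs.get(name)
        if not isinstance(value, str):
            continue
        # The home page preference may hold several URLs separated by "|".
        for url in value.split("|"):
            host = urlsplit(url.strip()).hostname
            if host and not host_trusted(host, trusted_hosts):
                findings.append((name, host))
    items = prefs.get("extensions.enabledItems", "")
    for item in filter(None, str(items).split(",")):
        ext_id = item.rpartition(":")[0] or item  # entries are "id:version"
        if ext_id not in known_extensions:
            findings.append(("extensions.enabledItems", ext_id))
    return findings


if __name__ == "__main__":
    for pref, detail in audit(parse_prefs(SAMPLE_PREFS),
                              TRUSTED_HOSTS, KNOWN_EXTENSIONS):
        print(f"review {pref}: {detail}")
```

Run it against a copy of the profile's prefs.js taken while Firefox is closed, since Firefox rewrites that file on exit.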

#13
NorthernLight

NorthernLight

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Just ran through your guide. The redirects seem to have reduced dramatically and possibly stopped completely as I haven't had a problem in the last few minutes of testing. MBAM was clear, I'll post the OTL log. I almost feel proud because I noticed those two in my last OTL log and thought they looked bad :) though I know not to attempt to fix them myself :)

OTL Log:

All processes killed
========== OTL ==========
Prefs.js: search@helper:8.17 removed from extensions.enabledItems
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6sixzov2.default\extensions\SearchHelper\content folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6sixzov2.default\extensions\SearchHelper folder moved successfully.
Prefs.js: "http://www.veerboo.c...results.php?q=" removed from keyword.URL
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 797 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 81661095 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1913 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7027 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 11048840 bytes

Total Files Cleaned = 89.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.9.1 log created on 07312010_212752

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


  • 0

#14
BlackOxide

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts

The redirects seem to have reduced dramatically and possibly stopped completely as I haven't had a problem in the last few minutes of testing.

Good to hear :)


I almost feel proud because I noticed those two in my last OTL log and thought they looked bad :) though I know not to attempt to fix them myself :)

Well spotted :) You did the right thing in not fixing them yourself, much safer that way, just in case anything did go wrong.


Think it's time to do an online scan just to make sure anything else is not lurking. If you could do the scan below and get back to me with what was found, thanks.




Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


In your next reply
Please post the contents of...
ESET Online Scan log
  • 0

#15
NorthernLight

NorthernLight

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Here is my ESET log. I had to end it early as the power needed to be turned off. I started it again and the second log was clear.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=ca6793ba4669f440ba8461a5d60f57bd
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-02 04:08:12
# local_time=2010-08-02 05:08:12 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 1039653 1039653 0 0
# compatibility_mode=768 16777215 100 0 14486868 14486868 0 0
# compatibility_mode=1024 16777215 100 0 21080520 21080520 0 0
# compatibility_mode=5892 16776574 100 100 27486618 121525026 0 0
# compatibility_mode=8192 67108863 100 0 104 104 0 0
# scanned=247204
# found=6
# cleaned=6
# scan_time=4213
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DNSFlushcws1.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DNSFlushcws24.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DNSFlushcws26.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DNSFlushcws4.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DNSFlushcws6.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondesdn4.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


  • 0





