Malware/Rootkit/Redirect


  • This topic is locked

#31
MsChief
  • Topic Starter
  • Member
  • 33 posts
I just went online and do not seem to be getting any more redirects. Thank you so much for your patience with me.

#32
MsChief
  • Topic Starter
  • Member
  • 33 posts
After about ten minutes I have been getting redirected... UGH!

#33
heir
  • Trusted Helper
  • Malware Removal
  • 5,427 posts
Hold on I'll have one of my colleagues have a look at this.

#34
MsChief
  • Topic Starter
  • Member
  • 33 posts
Hello,
I just got done with AT&T. They informed my boss that letting his network be "open" and not password protected was allowing the cellular phone store downstairs from our office to hijack the signal. The rep said she believes because they are using the signal to set up iPhones and Droids that is where all the viruses I've had were coming from and how it got into the 2Wire. We have since reset the modem and given it a password and now I am not getting redirected. Thank You so much for all your help.

#35
heir
  • Trusted Helper
  • Malware Removal
  • 5,427 posts

They informed my boss that letting his network be "open" and not password protected was allowing the cellular phone store downstairs from our office to hijack the signal.

You should always protect your connection. If someone can hijack it they will - free Internet access.
So keep that connection protected from now on.


You're welcome.

Before we close this topic I'd like you to run a couple of scanners to make sure there isn't something lurking in there.

After that I'll give you instructions on how to tidy up things after the tools we've used.

The Kaspersky Online Scan will take a while ... like hours. You might consider running it overnight.


Step 1.
Clean temp locations:

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

Step 2.
Scan with MBAM:

  • Launch Malwarebytes' Anti-Malware.
  • Update Malwarebytes' Anti-Malware.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 3.
Scan with Kaspersky Online Scanner:

Please do an online scan with Kaspersky Online Scanner

Kaspersky Online Scanner uses Java technology to perform the scan. If you do not have the latest Java version, follow the instructions below under Upgrading Java to download and install the latest version.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following are checked:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Upgrading Java:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. NOT supported for use in 9x or ME.

  • Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 21.
  • Click the JDK 6 Update 21 (JDK or JRE) "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u21-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u21-windows-i586.exe and select "Run as an Administrator.")


Step 4.
Things I would like to see in your reply:

  • The content of the report from MBAM from Step 2.
  • The content of the report from Kaspersky Online Scanner from Step 3.


#36
MsChief
  • Topic Starter
  • Member
  • 33 posts
I will run the Kaspersky scan over the weekend. I will post the results Monday. I am being redirected again. These are the results of the MBAM:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4640

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

9/17/2010 2:51:37 PM
mbam-log-2010-09-17 (14-51-37).txt

Scan type: Quick scan
Objects scanned: 139061
Time elapsed: 9 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#37
heir
  • Trusted Helper
  • Malware Removal
  • 5,427 posts
After you've run Kaspersky Online Scanner, please also run this scanner.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats and the option Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


#38
MsChief
  • Topic Starter
  • Member
  • 33 posts
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, September 20, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, September 17, 2010 16:42:31
Records in database: 4217416
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Objects scanned: 227391
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 06:17:09

No threats found. Scanned area is clean.

Selected area has been scanned.


Running ESET now...

#39
MsChief
  • Topic Starter
  • Member
  • 33 posts
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK


This is the ESET Log.txt file...

I have only had one re-direct in 4 hours... It is somewhat better...

Edited by MsChief, 20 September 2010 - 10:07 AM.


#40
heir
  • Trusted Helper
  • Malware Removal
  • 5,427 posts
Let's remove some unwanted stuff and do another scan.


Something I should point out, regarding CCleaner, Glary Utilities 2.26.0.956, and similar products

The use of registry cleaners is not recommended. These often cause more problems than they fix. One of the Experts here at Geekstogo, miekiemoes, has an excellent writeup here
Another excellent article by Bill Castner is located here.


Step 1.
Uninstall unwanted software:

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Ask Toolbar
LimeWire 4.18.3


Optional removals
Limewire and P2P programs in general are legal themselves, but much of the content downloaded with them is downloaded illegally. They are also a great way to infect yourself with malware.
It's up to you if you want to remove the above programs, however I recommend you do.


Step 2.
OTL-fix:

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02C25F20-E294-4BF2-96D4-5D53AFCE4098}"=-
    "{A2DFF567-F3C9-47A4-AA00-916427673859}"=-
    "{DFEAEE98-7876-41BF-BF0F-2D902B7F8AAC}"=-
    "{E9D8D8D9-6993-4E91-96D6-101FF696C9E9}"=-
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL fixlog


Step 3.
OTL-scan:

  • Double click on OTL to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, tick the box beside Scan All Users at the top.
  • Underneath Output at the top set it to Standard Output.
  • Underneath the option Extra Registry set it to Use SafeList.
  • Underneath the option File Scans tick the boxes beside Use Company Name WhiteList, Skip Microsoft Files, LOP Check, Purity Check.
  • Download the following file scan.txt to your Desktop. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Run Scan button. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.


Step 4.
Things I would like to see in your reply:

  • Which P2P programs and registry cleaners were uninstalled
  • The content of the fixlog from OTL in step 2.
  • The content of OTL.txt and Extras.txt from step 3.
  • Information on how your computer is running now. (Any redirects? - If so to which sites.)

  • 0
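
Added example, not part of the original post and not OTL's own code: a Python check that reconciles the `:Reg` deletions requested in Step 2 above with the "deleted successfully" lines of an OTL fixlog, so a helper can see at a glance whether every requested firewall-rule value was actually removed. The fix script is the one from the post; the fixlog sample is constructed in the format of the fixlog posted in this thread, with the line for the fourth value left out on purpose, and the function names are hypothetical.

```python
import re

# Fix script exactly as given in Step 2 of the post above.
FIX_SCRIPT = r'''
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C25F20-E294-4BF2-96D4-5D53AFCE4098}"=-
"{A2DFF567-F3C9-47A4-AA00-916427673859}"=-
"{DFEAEE98-7876-41BF-BF0F-2D902B7F8AAC}"=-
"{E9D8D8D9-6993-4E91-96D6-101FF696C9E9}"=-
:Commands
[purity]
[emptytemp]
[emptyflash]
'''

# Constructed sample in the format of the thread's fixlog. The "Registry value"
# line for the fourth GUID is deliberately missing to show how a gap is reported.
SAMPLE_FIXLOG = r'''
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{02C25F20-E294-4BF2-96D4-5D53AFCE4098} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02C25F20-E294-4BF2-96D4-5D53AFCE4098}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A2DFF567-F3C9-47A4-AA00-916427673859} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2DFF567-F3C9-47A4-AA00-916427673859}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DFEAEE98-7876-41BF-BF0F-2D902B7F8AAC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEAEE98-7876-41BF-BF0F-2D902B7F8AAC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9D8D8D9-6993-4E91-96D6-101FF696C9E9}\ not found.
========== COMMANDS ==========
'''

# In the fixlog the value name follows the key after a doubled backslash.
DELETED = re.compile(
    r"^Registry value (?P<key>.+?)\\\\(?P<name>.+) deleted successfully\.$"
)


def requested_deletions(script):
    """Return (key, value_name) pairs the :Reg section asks to delete ("name"=-)."""
    pairs, section, key = [], None, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):          # :Reg, :Commands, ...
            section, key = line.lower(), None
        elif section == ":reg":
            m = re.fullmatch(r"\[(.+)\]", line)
            if m:                          # [registry key] header
                key = m.group(1)
                continue
            m = re.fullmatch(r'"(.+)"=-', line)
            if m and key:                  # "value name"=-  means delete the value
                pairs.append((key, m.group(1)))
    return pairs


def reconcile(script, fixlog):
    """Map each requested value name to 'deleted' or 'unconfirmed'."""
    confirmed = set()
    for line in fixlog.splitlines():
        m = DELETED.match(line.strip())
        if m:
            confirmed.add((m["key"].lower(), m["name"].lower()))
    # "Registry key ...\CLSID\{GUID}\ not found." lines never count as confirmation:
    # only a "Registry value ... deleted successfully." line for the same key does.
    return {
        name: "deleted" if (key.lower(), name.lower()) in confirmed else "unconfirmed"
        for key, name in requested_deletions(script)
    }


if __name__ == "__main__":
    for name, status in reconcile(FIX_SCRIPT, SAMPLE_FIXLOG).items():
        print(f"{status:12} {name}")
```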

#41
MsChief
  • Topic Starter
  • Member
  • 33 posts
Heir;

Sorry I missed you yesterday. I did not want you to think I gave up but my dog got hit by a car and had to have surgery yesterday.

Step 1:
I removed the ask.com toolbar, the Zynga toolbar and a previously disabled yahoo toolbar. I also removed the Limewire copied from the previous clerk's PC. I removed both Glary Utilities and CCleaner. However when I bought this PC it came with Napster which it will NOT let me remove.

OTL Run/Fix scan log from Step 2

All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{02C25F20-E294-4BF2-96D4-5D53AFCE4098} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02C25F20-E294-4BF2-96D4-5D53AFCE4098}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A2DFF567-F3C9-47A4-AA00-916427673859} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2DFF567-F3C9-47A4-AA00-916427673859}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DFEAEE98-7876-41BF-BF0F-2D902B7F8AAC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEAEE98-7876-41BF-BF0F-2D902B7F8AAC}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E9D8D8D9-6993-4E91-96D6-101FF696C9E9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9D8D8D9-6993-4E91-96D6-101FF696C9E9}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LawClerkTS
->Temp folder emptied: 110941797 bytes
->Temporary Internet Files folder emptied: 53772963 bytes
->Java cache emptied: 1247060 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 22515 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15630 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 158.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: LawClerkTS
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.12.1 log created on 09222010_134111

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Step 3:

OTL.txt
OTL logfile created on: 9/22/2010 2:07:54 PM - Run 2
OTL by OldTimer - Version 3.2.12.1 Folder = c:\Users\LawClerkTS\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.00 Mb Total Physical Memory | 249.00 Mb Available Physical Memory | 28.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.09 Gb Total Space | 82.26 Gb Free Space | 59.14% Space Free | Partition Type: NTFS
Drive D: | 9.96 Gb Total Space | 3.95 Gb Free Space | 39.70% Space Free | Partition Type: NTFS
Drive E: | 19.66 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAWCLERKTS-PC
Current User Name: LawClerkTS
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard

DRV - [2006/11/02 00:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 00:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/09/07 13:32:58 | 000,024,960 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2005/09/07 13:29:44 | 000,044,288 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/07/24 19:04:08 | 000,048,640 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...Sys=DTP&M=T3626
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...Sys=DTP&M=T3626
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1199803121-450095120-661195697-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1199803121-450095120-661195697-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/
IE - HKU\S-1-5-21-1199803121-450095120-661195697-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1199803121-450095120-661195697-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1199803121-450095120-661195697-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2010/09/14 09:27:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/09/17 10:54:07 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Windows\System32\BAE.dll (Gateway Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll (Microsoft Corp.)
O3 - HKU\S-1-5-21-1199803121-450095120-661195697-1000\..\Toolbar\WebBrowser: (no name) - {2787EA8E-8D87-48AF-88AD-B30246C917AB} - No CLSID value found.
O3 - HKU\S-1-5-21-1199803121-450095120-661195697-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-1199803121-450095120-661195697-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [LMPDPSRV] C:\Windows\System32\spool\drivers\w32x86\3\LMpdpsrv.exe (DeviceGuys)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PPort9reminder] C:\Program Files\ScanSoft\PaperPort\WebEreg\ereg.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [Spare Backup] C:\Program Files\Spare Backup\SpareBackup.exe (SpareBackup, Inc.)
O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\LawClerkTS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1199803121-450095120-661195697-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1199803121-450095120-661195697-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/09/22 13:41:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/17 14:39:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/09/17 14:39:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/09/17 14:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/17 13:18:51 | 000,000,000 | ---D | C] -- C:\Program Files\ATT-RC
[2010/09/17 13:15:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive
[2010/09/17 13:15:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2010/09/17 11:59:21 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/09/17 11:59:20 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/09/17 11:59:08 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/09/17 11:59:06 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/09/17 11:58:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/09/17 10:59:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/09/17 10:59:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/09/17 10:59:33 | 000,000,000 | ---D | C] -- C:\Users\LawClerkTS\AppData\Local\temp
[2010/09/17 10:37:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/09/17 10:37:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/09/17 10:37:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/09/17 10:37:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/17 10:36:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/09/17 10:36:52 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/09/14 16:55:59 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/09/14 09:18:48 | 000,000,000 | ---D | C] -- C:\Users\LawClerkTS\AppData\Roaming\Malwarebytes
[2010/09/14 09:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/14 09:16:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/27 10:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/08/27 10:59:15 | 000,000,000 | ---D | C] -- C:\Program Files\Zynga
[2010/08/26 13:56:43 | 000,000,000 | ---D | C] -- C:\Users\LawClerkTS\Documents\SClarke divorce
[2009/02/06 10:37:06 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll
[2009/02/06 10:37:06 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2009/02/06 10:37:06 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2009/02/06 10:37:06 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll

========== Files - Modified Within 30 Days ==========

[2010/09/22 14:07:15 | 004,980,736 | -HS- | M] () -- C:\Users\LawClerkTS\ntuser.dat
[2010/09/22 13:53:07 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/22 13:53:07 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/22 13:53:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/22 13:52:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/22 13:50:13 | 000,524,288 | -HS- | M] () -- C:\Users\LawClerkTS\ntuser.dat{e922ccb0-7eed-11df-899a-001e906f7bc7}.TMContainer00000000000000000001.regtrans-ms
[2010/09/22 13:50:13 | 000,065,536 | -HS- | M] () -- C:\Users\LawClerkTS\ntuser.dat{e922ccb0-7eed-11df-899a-001e906f7bc7}.TM.blf
[2010/09/22 13:23:34 | 003,475,660 | -H-- | M] () -- C:\Users\LawClerkTS\AppData\Local\IconCache.db
[2010/09/22 13:23:09 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2010/09/22 09:32:06 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2010/09/22 08:53:28 | 065,139,593 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/09/20 12:30:32 | 000,852,945 | ---- | M] () -- C:\Users\LawClerkTS\Documents\Cover Letters and Interviewing.pdf
[2010/09/20 12:13:53 | 000,000,162 | -H-- | M] () -- C:\Users\LawClerkTS\Documents\~$hroeder BNY cover.doc
[2010/09/20 12:13:28 | 000,000,162 | -H-- | M] () -- C:\Users\LawClerkTS\Documents\~$x_email cover.rtf
[2010/09/17 12:39:54 | 000,011,884 | ---- | M] () -- C:\Users\LawClerkTS\Documents\Deborah Resume.docx
[2010/09/17 11:59:23 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/09/17 11:59:21 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/09/17 11:59:08 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/09/17 11:59:07 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/09/17 11:59:06 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/09/17 10:54:17 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/09/17 10:54:07 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/09/16 12:54:54 | 139,963,241 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/16 09:47:26 | 000,034,460 | ---- | M] () -- C:\Users\LawClerkTS\Documents\unhooker report
[2010/09/13 14:04:16 | 000,000,162 | -H-- | M] () -- C:\Users\LawClerkTS\Documents\~$Master Return Address Envelope.doc
[2010/09/10 14:33:19 | 000,033,280 | ---- | M] () -- C:\Users\LawClerkTS\Documents\Schroeder to Hartford.doc
[2010/09/10 14:21:16 | 000,033,280 | ---- | M] () -- C:\Users\LawClerkTS\Documents\Schroeder American Funds.doc
[2010/09/10 14:08:23 | 000,036,352 | ---- | M] () -- C:\Users\LawClerkTS\Documents\Schroeder BNY cover.doc
[2010/09/09 13:26:16 | 000,270,511 | ---- | M] () -- C:\Users\LawClerkTS\Documents\template subpeona deuces tecum.pdf
[2010/09/08 11:57:15 | 000,035,328 | ---- | M] () -- C:\Users\LawClerkTS\Documents\WPace est Application for Attorney Fees edited TLS.doc
[2010/09/08 11:07:37 | 000,031,744 | ---- | M] () -- C:\Users\LawClerkTS\Documents\mcclurkin cover accounting.doc
[2010/09/08 10:51:04 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/08 10:51:04 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/08 10:51:04 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/03 14:55:46 | 000,022,528 | ---- | M] () -- C:\Users\LawClerkTS\Documents\A Master Return Address Envelope.doc
[2010/09/02 14:15:41 | 000,013,156 | ---- | M] () -- C:\Users\LawClerkTS\Documents\cc_20100902_141536.reg
[2010/09/01 10:38:59 | 000,150,174 | ---- | M] () -- C:\Users\LawClerkTS\Documents\Benson Deed.pdf
[2010/08/30 11:36:12 | 000,013,068 | ---- | M] () -- C:\Users\LawClerkTS\Documents\Monday August 30 job report.docx
[2010/08/30 10:30:26 | 000,046,800 | ---- | M] () -- C:\Users\LawClerkTS\Documents\house bill 478.docx
[2010/08/26 10:02:09 | 000,309,098 | ---- | M] () -- C:\Users\LawClerkTS\Documents\Benson 2010 accounting.pdf
[2010/08/25 11:04:24 | 000,011,608 | ---- | M] () -- C:\Users\LawClerkTS\Documents\Wednesday August 25 job report.docx

========== Files Created - No Company Name ==========

[2010/09/22 13:23:08 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/09/20 12:30:32 | 000,852,945 | ---- | C] () -- C:\Users\LawClerkTS\Documents\Cover Letters and Interviewing.pdf
[2010/09/20 12:13:53 | 000,000,162 | -H-- | C] () -- C:\Users\LawClerkTS\Documents\~$hroeder BNY cover.doc
[2010/09/20 12:13:28 | 000,000,162 | -H-- | C] () -- C:\Users\LawClerkTS\Documents\~$x_email cover.rtf
[2010/09/17 12:39:49 | 000,011,884 | ---- | C] () -- C:\Users\LawClerkTS\Documents\Deborah Resume.docx
[2010/09/17 11:59:05 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/09/17 11:58:56 | 065,139,593 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/09/17 10:37:40 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/09/17 10:37:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/09/17 10:37:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/09/17 10:37:40 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/09/17 10:37:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/09/16 09:47:25 | 000,034,460 | ---- | C] () -- C:\Users\LawClerkTS\Documents\unhooker report
[2010/09/14 16:55:52 | 139,963,241 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/09/13 14:04:16 | 000,000,162 | -H-- | C] () -- C:\Users\LawClerkTS\Documents\~$Master Return Address Envelope.doc
[2010/09/10 14:33:17 | 000,033,280 | ---- | C] () -- C:\Users\LawClerkTS\Documents\Schroeder to Hartford.doc
[2010/09/10 14:21:14 | 000,033,280 | ---- | C] () -- C:\Users\LawClerkTS\Documents\Schroeder American Funds.doc
[2010/09/10 14:08:20 | 000,036,352 | ---- | C] () -- C:\Users\LawClerkTS\Documents\Schroeder BNY cover.doc
[2010/09/09 13:26:16 | 000,270,511 | ---- | C] () -- C:\Users\LawClerkTS\Documents\template subpeona deuces tecum.pdf
[2010/09/08 11:57:14 | 000,035,328 | ---- | C] () -- C:\Users\LawClerkTS\Documents\WPace est Application for Attorney Fees edited TLS.doc
[2010/09/08 11:07:34 | 000,031,744 | ---- | C] () -- C:\Users\LawClerkTS\Documents\mcclurkin cover accounting.doc
[2010/09/03 14:55:44 | 000,022,528 | ---- | C] () -- C:\Users\LawClerkTS\Documents\A Master Return Address Envelope.doc
[2010/09/02 14:15:39 | 000,013,156 | ---- | C] () -- C:\Users\LawClerkTS\Documents\cc_20100902_141536.reg
[2010/09/01 10:38:59 | 000,150,174 | ---- | C] () -- C:\Users\LawClerkTS\Documents\Benson Deed.pdf
[2010/08/30 11:36:00 | 000,013,068 | ---- | C] () -- C:\Users\LawClerkTS\Documents\Monday August 30 job report.docx
[2010/08/30 10:30:23 | 000,046,800 | ---- | C] () -- C:\Users\LawClerkTS\Documents\house bill 478.docx
[2010/08/26 10:02:09 | 000,309,098 | ---- | C] () -- C:\Users\LawClerkTS\Documents\Benson 2010 accounting.pdf
[2010/08/25 11:04:15 | 000,011,608 | ---- | C] () -- C:\Users\LawClerkTS\Documents\Wednesday August 25 job report.docx
[2010/08/16 11:03:28 | 000,746,892 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2010/03/18 16:52:48 | 000,010,752 | ---- | C] () -- C:\Windows\System32\KOBZ2ABL.DLL
[2010/03/04 11:46:02 | 000,001,356 | ---- | C] () -- C:\Users\LawClerkTS\AppData\Local\d3d9caps.dat
[2010/03/03 13:38:40 | 000,000,000 | ---- | C] () -- C:\Users\LawClerkTS\AppData\Roaming\29b9dc40
[2009/09/18 10:41:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/02/06 10:37:09 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2009/01/23 13:01:57 | 000,000,220 | ---- | C] () -- C:\Users\LawClerkTS\AppData\Roaming\wklnhst.dat
[2008/03/20 10:06:29 | 000,026,337 | ---- | C] () -- C:\Windows\maxlink.ini
[2008/03/12 12:20:28 | 000,000,019 | ---- | C] () -- C:\Windows\vaLangChoice.ini
[2008/03/12 12:19:56 | 000,000,151 | ---- | C] () -- C:\Windows\System32\LM_SUPPORT.INI
[2008/01/14 15:54:44 | 000,000,268 | ---- | C] () -- C:\Users\LawClerkTS\AppData\Roaming\LMCPaper.dat
[2008/01/08 13:37:37 | 000,003,932 | ---- | C] () -- C:\Users\LawClerkTS\AppData\Roaming\LMLayout.dat
[2008/01/07 11:08:16 | 000,022,016 | ---- | C] () -- C:\Users\LawClerkTS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/22 14:16:18 | 000,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 10:50:06 | 000,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\Windows\System32\Jpeg32.dll

========== LOP Check ==========

[2008/05/02 09:30:13 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\7Wonders
[2009/06/02 10:26:12 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Anabel
[2009/10/15 13:52:39 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Artogon
[2009/08/27 13:23:23 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Aveyond 3
[2008/05/01 13:53:59 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Beep
[2008/04/22 14:58:09 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Big Fish Games
[2008/04/21 13:53:25 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Boomzap
[2010/03/30 13:42:37 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Camel101
[2008/03/14 15:27:03 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\CaribbeanHideaway
[2009/12/11 16:32:49 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/03/13 09:29:09 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\DataCast
[2008/02/26 12:13:57 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\DiVision Studios - Escaping Atlantis
[2009/10/13 13:17:58 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Dreamsdwell Stories
[2009/05/21 14:59:02 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\EnchantedCavern
[2009/05/22 10:36:30 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Fabulous Finds
[2009/02/09 11:26:37 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Flood Light Games
[2008/03/11 12:16:50 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\FloodLightGames
[2008/12/11 13:24:23 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
[2008/02/26 11:40:51 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\GAMEON
[2009/09/18 15:29:41 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Games
[2010/06/25 11:22:59 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\GlarySoft
[2009/06/15 15:08:33 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Gold Casual Games
[2009/11/16 16:23:47 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Hidden Island Data
[2008/01/28 11:26:44 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Home Sweet Home
[2009/09/22 13:38:19 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\ImperialCity
[2008/04/28 15:19:23 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\iWin
[2008/04/11 11:59:33 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\KewlBoxPrefs
[2008/07/03 11:28:34 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Leadertech
[2010/03/26 09:13:10 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\LimeWire
[2008/02/19 16:47:10 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Magic Academy
[2008/04/08 14:50:41 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\MagicStonesY
[2008/03/19 12:41:34 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Mind Control Software
[2009/06/23 09:56:32 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\My Games
[2008/05/29 12:52:32 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\MysteryStudio
[2009/09/28 10:10:02 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Oberonv1002
[2008/04/04 11:03:21 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Pi Eye Games
[2008/03/14 13:53:51 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Pirate Stories Kit Ellis
[2009/05/21 13:49:20 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\PlayFirst
[2010/06/08 11:23:02 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Pogo Games
[2010/08/13 14:23:02 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Registry Mechanic
[2009/09/22 13:54:24 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Restorer
[2008/01/07 13:14:54 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\SampleView
[2008/03/06 14:53:10 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\ScanSoft
[2009/06/02 12:28:04 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\SecretIslandEng
[2010/09/22 13:55:13 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Spare Backup
[2009/12/09 13:31:37 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Template
[2008/03/11 12:28:35 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\TheScruffs
[2008/04/10 15:04:43 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\URSE Games
[2008/04/28 15:42:02 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Valusoft
[2008/05/07 14:42:23 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\VeniceMysteryData
[2008/04/24 15:02:24 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Wildfire
[2008/03/12 13:22:43 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\WildTangent
[2008/04/25 10:00:18 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\Yatec Games
[2010/09/22 13:49:55 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/07/22 09:36:13 | 000,000,444 | ---- | M] () -- C:\aaw7boot.log
[2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/06/11 17:36:06 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/09/17 10:59:32 | 000,012,494 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2006/12/07 11:24:36 | 000,241,664 | ---- | M] (Alcor Micro, Corp.) -- C:\EMicon.dll
[2009/04/24 10:14:16 | 000,230,424 | ---- | M] () -- C:\img2-001.raw
[2008/07/11 11:30:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/07/11 11:30:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/09/22 13:52:45 | 1251,749,888 | -HS- | M] () -- C:\pagefile.sys
[2010/09/22 09:32:06 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2007/09/03 18:51:14 | 000,000,163 | ---- | M] () -- C:\power2go.log
[2007/09/03 18:44:54 | 000,000,420 | ---- | M] () -- C:\RHDSetup.log
[2010/09/16 13:26:24 | 000,000,016 | ---- | M] () -- C:\RootRepeal report 09-16-10 (13-26-24).txt
[2010/09/16 10:07:25 | 000,112,626 | ---- | M] () -- C:\TDSSKiller.2.4.2.1_16.09.2010_10.05.20_log.txt
[2007/09/03 19:46:43 | 000,000,080 | ---- | M] () -- C:\USBPatch.log

< %systemroot%\Fonts\*.com >
[2006/11/02 05:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 05:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 05:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/12/30 10:49:14 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 14:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 05:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2008/09/09 11:08:36 | 000,034,816 | ---- | M] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\KOBZ2ABP.DLL
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/06/25 10:51:12 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 03:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/11/17 11:53:10 | 000,000,286 | -HS- | M] () -- C:\Users\LawClerkTS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >
[2004/02/27 18:36:18 | 000,013,023 | ---- | M] () -- C:\Windows\snpstd3.src

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/01/07 11:02:34 | 000,000,402 | -HS- | M] () -- C:\Users\LawClerkTS\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/08/16 11:10:14 | 000,746,892 | ---- | M] () -- C:\ProgramData\LuUninstall.LiveUpdate

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.exe >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< %USERPROFILE%\Templates\*.tmp >

< %SYSTEMDRIVE%\explorexxx.exe\*.* >

< %Windir%\Installer\*.tmp >
[10 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]

< %systemroot%\System32\*.xco >

< %ProgramFiles%\system32\*.* >

< %systemroot%\System32\windos\*.* >

< %SystemRoot%\system32\sandbox\*.* >

< %SystemRoot%\system32\*.amo >

< %SystemRoot%\system32\Windows Live\*.* >

< %ProgramFiles%\logs\*.* >

< %ProgramFiles%\Bifrost\*.* >

< %SystemRoot%\system32\*.goo >

< %systemroot%\system32\IME\*.* >

< %systemroot%\BackUp\*.* >

< %systemroot%\system32\*.ico >
[2006/09/18 14:31:55 | 000,107,620 | ---- | M] () -- C:\Windows\System32\acwizard.ico

< %systemroot%\system\*.dat >

< %systemroot%\system\*.exe >

< %AppData%\Macromedia\Common\*.* >

< %SYSTEMDRIVE%\dir\*.* /s >

< %systemroot%\system32\ras\*.exe >

< %SYSTEMDRIVE%\MFILES\*.* >

< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >

< %systemroot%\system32\services\*.* >

< %systemroot%\Spooler\*.* >

< %ProgramFiles%\system32\*.* >

< %systemroot%\system32\Setup\*.dll /x >

< %systemroot%\system32\*.mine >

< %SYSTEMDRIVE%\cleansweep.exe\*.* >

< %systemroot%\system32\ras\*.dll >

< %systemroot%\system32\ras\*.drv >

< %systemroot%\*.iq >

< %systemroot%\system32\XP\*.* >

< %SYSTEMDRIVE%\Extracted\*.* >

< %systemroot%\system32\windows\*.* >

< %systemroot%\logs\*.* >

< %SYSTEMDRIVE%\Win.Msi\*.* >

< %systemroot%\regedit\*.* >

< %systemroot%\system32\skype\*.* >

< %AppData%\Adobe\dlluplwin25\*.* >

< %UserProfile%\*.dat >
[2010/09/22 14:13:15 | 004,980,736 | -HS- | M] () -- C:\Users\LawClerkTS\ntuser.dat
[2010/06/23 10:55:59 | 004,980,736 | -HS- | M] () -- C:\Users\LawClerkTS\ntuser.dat_previous

< %UserProfile%\*.dll >

< %systemroot%\system32\*.sxo >

< %SYSTEMDRIVE%\Gazma\*.* /s >

< %systemroot%\system32\spynet\*.* >

< %systemroot%\system32\System\*.* >

< %appdata%\Microsoft\Windows\*.* >

< %systemroot%\system32\WinDir\*.* >

< %systemroot%\_\*.* >

< %systemroot%\system32\windows32\*.* >

< %ProgramFiles%\win\*.* >

< %AppData%\Microsoft\CD Burning\*.* >

< %systemroot%\*.cab >

< %systemroot%\K.Backup\*.* >

< %ProgramFiles%\Massenger\*.* >

< %systemroot%\System32\*.doc >

< %systemroot%\Office12\*.* >

< %systemroot%\System32\Rundl32.exe\*.* >

< %ProgramFiles%\yahoo.net\*.* >

< %systemroot%\system32\*.igo >

< %systemroot%\*.rew >

< %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >
[2005/06/03 02:08:00 | 000,520,192 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\drivers\w32x86\3\CPC10D.EXE
[2005/06/03 02:08:00 | 000,884,736 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\drivers\w32x86\3\CPC10Q.EXE
[2005/06/03 02:08:00 | 000,454,656 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\drivers\w32x86\3\CPC10V.EXE
[2002/07/11 14:31:56 | 000,045,056 | ---- | M] (DeviceGuys) -- C:\Windows\System32\spool\drivers\w32x86\3\LMpdpsrv.exe
[2002/07/11 14:33:56 | 000,053,248 | ---- | M] (DeviceGuys) -- C:\Windows\System32\spool\drivers\w32x86\3\LMPDPUI.exe

< %USERPROFILE%\.COMMgr\*.* >

< %USERPROFILE%\Desktop\*.bat >

< %PROGRAMFILES%\Common Files\Real\visualizations\*.* >

< %PROGRAMFILES%\Internet Explorer\*.Jmp >

< %PROGRAMFILES%\Windows NT\system\*.dll >

< %systemroot%\system32\*.ext >

< %systemroot%\system32\Com\*.cfg >

< %systemroot%\system32\btz\*.* >

< %systemroot%\system32\EMP\*.* >

< %systemroot%\system32\expo\*.* >

< %systemroot%\system32\inet2\*.* >

< %systemroot%\system32\xrem\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-22 16:09:01

========== Alternate Data Streams ==========

< End of report >


OTL Extras.txt:

OTL Extras logfile created on: 9/22/2010 2:07:54 PM - Run 2
OTL by OldTimer - Version 3.2.12.1 Folder = c:\Users\LawClerkTS\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.00 Mb Total Physical Memory | 249.00 Mb Available Physical Memory | 28.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.09 Gb Total Space | 82.26 Gb Free Space | 59.14% Space Free | Partition Type: NTFS
Drive D: | 9.96 Gb Total Space | 3.95 Gb Free Space | 39.70% Space Free | Partition Type: NTFS
Drive E: | 19.66 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAWCLERKTS-PC
Current User Name: LawClerkTS
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07922F4F-9516-4F3D-8BD5-9A220D47653E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0B4C4644-C2E7-415F-A403-9708D5EDAF87}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1D647E71-7794-49E3-A52D-4BF2DA03551C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{39B89428-658B-4B91-A2CF-E2DEA92C3D7A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3D1D6A08-F7B6-434A-98AE-E8DBBDC2421B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4621A846-C373-4472-B9C6-774F5F759407}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4B2CAA6C-982A-49F9-8BF2-F96E3E002BB1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4F95D4C9-EC20-46A0-9C20-67A2F0FAA021}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6376A17E-3848-4CAA-88BE-FA10C147BBFD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6A185D53-3480-437B-95D0-8E5B0F1CD60A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6F4DD3C8-2F7A-4A43-BEC9-F65599862D75}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7CAC5622-E9AA-4296-9BBF-12A812196178}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A1B677DA-EE11-42BF-ADD3-E0C0CE156AD9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A3E4377A-B8D2-45D7-A4F1-4C4BAF5650B9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AAE501A8-8516-4488-988A-5752BA03F6A3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B4F804F7-F95A-491D-B28C-6835C747F635}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BADCF40D-D311-47EE-B6BE-3442444A517B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15C45801-A2F2-40F0-BA7B-E47606043A84}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{1B6A9D21-D54D-4CFF-9FDB-2702449CF0D4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2AE18931-C1C6-44A0-A608-A827023508B3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2C34487F-ACED-4600-A6A1-91A5D7E522F2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{38858D67-47FD-4892-ACC4-ADF5BFA505C5}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{3AC4E06C-1074-4091-AF00-ABDCF7576033}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{44A103F1-1B02-4A58-AAC4-688037175D8A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4CFA92D9-D332-458D-96AF-18A1C467593C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{521578ED-E8EF-4E22-A3BA-140EF0E61654}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{55A271F2-F701-4117-B731-7C482144C834}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{65795B9B-90FC-4001-8BB8-BC42A0A7AF84}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6A770F91-F421-4D72-BB2F-919A842F85C0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{737BBF31-CFA0-44E5-9CD9-9CD1E715E1FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{816A6735-E824-41A8-A12B-EB82770728A1}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{85AB9674-0F3F-453E-B7D1-2B90032C969D}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{8681DA8E-4686-47DE-A593-6EBEC82E1436}" = protocol=6 | dir=out | app=system |
"{8A338870-BD5D-4C06-928D-C603FC7FD0A3}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{8F3AF725-8839-4904-9ACC-69E9B5357618}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{96745441-28B4-4B59-91AF-7B2FA367D5BB}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{9E540604-A4C3-4F2C-9206-86368E5285F4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A5D987F3-884A-437D-B45D-A79CF3B06251}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A64D15D9-2BE0-4065-9808-1D88F32B4E11}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{C787A23E-A312-41D9-ADFF-9D71402C0289}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E27F060C-0216-417E-A970-39E58CF6381B}" = dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"{FAFFA768-96C5-4D62-ADEB-EFE3CBAE0DEE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FC0FAC82-1F03-45A6-88A4-61084A87B19F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FD087663-6FE5-4806-98EB-6724E04AFDDB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{D3D52A6D-5153-495F-823A-6DC9AEFE67B6}C:\windows\system32\spool\drivers\w32x86\3\lmpdpsrv.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lmpdpsrv.exe |
"UDP Query User{DDF50B58-F80E-454C-AEAE-A8A861D74B60}C:\windows\system32\spool\drivers\w32x86\3\lmpdpsrv.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lmpdpsrv.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 21
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3F5B2E96-C322-4CFC-9254-52AEAA5F3C6A}" = SkyMotion
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4571CC76-42C4-7D67-E024-0AEB166E1C6F}" = Acrobat.com
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{629122EC-B318-47AB-8ECB-22AAD6A82DF3}" = WBOPF5
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6710FE30-27F7-492B-A660-D31D4A898A43}" = MSN Toolbar
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A724058-2D43-11D6-AD5B-00105AE20051}" = ViewAhead Photo Center
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = eMachines Recovery Center Installer
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869E7242-3E57-4245-8E09-68470BFEF638}" = Cuyahoga
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3DACDE8-CF4A-4B21-9511-77E2918D10A5}" = WOGF4
"{A57C6094-FC5A-4DEC-B1E0-1B2F48EEE8F4}" = Spare Backup
"{A5BA40DB-829E-4931-AE2A-7AD373D3CBCB}" = WOGF3
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C6AA3FB7-804F-4808-AD91-B62D6ED9B788}" = Windows Vista Upgrade Advisor
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DF86A72C-4585-4D75-B592-968C8C6604A1}" = eMachines Connect
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = GE98067 98756 and 98046 MiniCam Pro
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDCE9C15-EB45-11D5-89C7-0050DA162A25}" = PaperPort 9.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"ATT-RC" = ATT-RC Self Support Tool
"AVG9Uninstall" = AVG Free 9.0
"CNXT_MODEM_PCI_HSF" = Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"eMachines Game Console" = eMachines Game Console
"ESET Online Scanner" = ESET Online Scanner v3
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Tax Forms Helper 2008_is1" = Tax Forms Helper 2008 8.5
"WT023901" = Penguins!
"WT023949" = Polar Bowler
"WT023955" = Polar Golfer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/19/2010 1:27:29 PM | Computer Name = LawClerkTS-PC | Source = Microsoft-Windows-CAPI2 | ID = 131329
Description =

Error - 4/19/2010 1:31:39 PM | Computer Name = LawClerkTS-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =

Error - 4/19/2010 1:39:30 PM | Computer Name = LawClerkTS-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 4/19/2010 1:39:30 PM | Computer Name = LawClerkTS-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 4/19/2010 1:39:30 PM | Computer Name = LawClerkTS-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 4/19/2010 5:07:29 PM | Computer Name = LawClerkTS-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =

Error - 4/20/2010 12:26:33 PM | Computer Name = LawClerkTS-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =

Error - 4/20/2010 12:32:03 PM | Computer Name = LawClerkTS-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 4/20/2010 12:32:03 PM | Computer Name = LawClerkTS-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 4/20/2010 12:32:03 PM | Computer Name = LawClerkTS-PC | Source = MsiInstaller | ID = 1024
Description =

[ Media Center Events ]
Error - 4/16/2008 1:06:20 PM | Computer Name = LawClerkTS-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/2/2008 12:23:35 PM | Computer Name = LawClerkTS-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/9/2009 12:36:23 PM | Computer Name = LawClerkTS-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/11/2009 4:27:28 PM | Computer Name = LawClerkTS-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/11/2009 6:26:29 PM | Computer Name = LawClerkTS-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 9/22/2010 12:07:24 PM | Computer Name = LawClerkTS-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 9/22/2010 12:08:00 PM | Computer Name = LawClerkTS-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 9/22/2010 12:08:31 PM | Computer Name = LawClerkTS-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 9/22/2010 12:10:55 PM | Computer Name = LawClerkTS-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 9/22/2010 4:21:57 PM | Computer Name = LawClerkTS-PC | Source = DCOM | ID = 10010
Description =

Error - 9/22/2010 4:24:14 PM | Computer Name = LawClerkTS-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 9/22/2010 4:29:15 PM | Computer Name = LawClerkTS-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{73A0A428-D577-46D9-8F88-79E9D238D0CA}
because another computer on the network has the same name. The server could not
start.

Error - 9/22/2010 4:30:23 PM | Computer Name = LawClerkTS-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/22/2010 4:49:46 PM | Computer Name = LawClerkTS-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 9/22/2010 4:54:24 PM | Computer Name = LawClerkTS-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >
  • 0

#42
MsChief

MsChief

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
...and yes I am still being redirected... went to www.facebook.com and got


Googlehttp://www.facebook.com/profile.php?id=1453240278 SafeSearch moderate ▼› Off
› Moderate (recommended)
› Strict
Report offensive images
More about SafeSearch

Advanced searchSearch Resultsq=http://www.facebook.com/profile.php?id=1453240278&__a=14&ajaxpipe=1&quickling[version]=292429%3B0

Your search - http://www.facebook....p?id=1453240278 - did not match any documents.

Suggestions:

Make sure all words are spelled correctly.
Try different keywords.
Try more general keywords.
Try fewer keywords.
  • 0

#43
MsChief

MsChief

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Additionally I am now being redirected from the Forum page which had not been happening up until now...
  • 0

#44
heir

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts

However when I bought this PC it came with Napster which it will NOT let me remove

What happens when you try?

Step 1.
Uninstall unneeded programs:

Please go to Start > Control Panel > Add/Remove Programs and remove the following:

Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 7


Step 2.
Filescans:

  • Using Internet Explorer please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\Windows\vsnpstd3.exe
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Do the same with this:


C:\Windows\tsnpstd3.exe


Step 3.
OTL-fix:

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKU\S-1-5-21-1199803121-450095120-661195697-1000\..\Toolbar\WebBrowser: (no name) - {2787EA8E-8D87-48AF-88AD-B30246C917AB} - No CLSID value found.
    O3 - HKU\S-1-5-21-1199803121-450095120-661195697-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKU\S-1-5-21-1199803121-450095120-661195697-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    [2010/08/27 10:59:15 | 000,000,000 | ---D | C] -- C:\Program Files\Zynga
    [2010/09/02 14:15:41 | 000,013,156 | ---- | M] () -- C:\Users\LawClerkTS\Documents\cc_20100902_141536.reg
    [2010/09/02 14:15:39 | 000,013,156 | ---- | C] () -- C:\Users\LawClerkTS\Documents\cc_20100902_141536.reg
    [2010/06/25 11:22:59 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\GlarySoft
    [2010/03/26 09:13:10 | 000,000,000 | ---D | M] -- C:\Users\LawClerkTS\AppData\Roaming\LimeWire
    @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:7FF7BEBC
    @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:333D4670
    @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:CF2C26D2
    @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:0E660858
    @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:4339E80E
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:583600BF
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:EBE4F6FC
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:27EEEB5C
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:001F2DD1
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:FDAF118C
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:DEF2E739
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:C61EF274
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:BB24555F
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:78DBBDCD
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:6A7B7A50
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:478FEFC3
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:1C5692E6
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:DD874E14
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:6CC86DF2
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:680DD2F1
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:52CFA21D
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:F56E823C
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:F4CD3D0C
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:F01E7F17
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:EAB1AD1B
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:77D45B2F
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:FB137066
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:FA42DF8E
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:BB64EAA8
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:5D458568
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:4CD2D817
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:D5E5CFEC
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:BCEA2040
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:975EFF04
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:8F6DDD92
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:7F28C036
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:588B60C7
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:54362937
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:3214A283
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:05113FB9
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:E55CE2D1
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:D1B5B4F1
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:D09D4E8D
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:C24B973A
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:61B2F40C
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:4B49E3BC
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:3B3A35EC
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:389D4B73
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:FB384C06
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:EB75B05F
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E018C6FA
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:A98EF1F7
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:9731602C
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:8D10D643
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:77A2F1C0
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:A696643D
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:9B0F9E15
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:94AC4BF7
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:57574112
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D2A92EB9
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:C870DCBB
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:B2FF6BFE
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:92D18A5E
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:7C819E94
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:50631D57
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:E1EBA5B8
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:A90C55DC
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:AA9519A6
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:AA24D1FF
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A644A4BC
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:7D2C5D65
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:6A79A8D4
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:6659D318
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:62197B73
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:450E40FD
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:3E39CAA9
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:321B811D
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:FC7AF9F6
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:A3A6DC77
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:3313EA24
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:EA2FBCA1
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E1B9ACBE
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:DEC7E19B
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:74870514
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:127BBD85
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:EF89A86D
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:E37541B7
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:D9B14491
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:B1C84058
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:6C184524
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:FC41EBC3
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:B251D199
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:ABE30DDB
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:7F403760
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:096BF2EE
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:A73EAFFB
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:580E04D8
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:2933FBFE
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:1CB8D545
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:D16E7091
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:949483BD
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:8AA50F13
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:4D066AD2
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:EEA9057A
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:E736CE6B
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:CAA71687
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:BA4AE5FC
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:3CF7E866
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:EFF24E88
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:E94B3A80
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BCBC7E36
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:A2AACBFA
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:95B8F7F6
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:8135A716
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:7C8D7A39
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:3A70B627
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:2ABEB9EB
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:275B4CFC
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:03B3646C
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:D21BAD68
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:BF02D1CD
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:9DAC67BE
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:93DE1838
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FC44F0E7
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:F4DE1EC6
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:E6EA2A3B
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:E06AC882
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A94C9389
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:11201333
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:EB603FE4
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:CEB4672B
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C3486760
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:B8CD2C07
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:8A2AAEB5
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:814402E6
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:7F66BF58
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:1FBF7E5E
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:0D31DA45
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:FE5F00D0
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:C213B3C4
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:9CD10922
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:82C50600
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:6FA71CCF
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:6248E15F
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:4B9F47D8
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:1B8B2AF8
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:E36991C0
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:AD85914A
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:9AB338B9
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:29468260
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:ED2ADD13
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:9D57BC73
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:96AD618C
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:814B9485
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:5A27D490
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:29B2472B
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:F65733F1
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:E60C72DB
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:CD7CFE01
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:81ED9272
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:51E4E516
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:34FC1C45
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:268F887D
    @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:8FBC80F9
    @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:72784F8B
    @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:6DCDF446
    @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:503A27F1
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:E2CD81E1
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:A761C913
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:7C615D8C
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:494C4968
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:9F405A6B
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:D09AEE3D
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:981349EA
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:89123481
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:85B07A67
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D6BDE53F
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:C17FCA88
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:94D19DE1
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:59BDDCD5
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:3857ABB7
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:2BE20CF3
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:FF23A360
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:46545F5C
    @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:C8B57520
    @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:A18FC5E4
    @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:7478C5D8
    @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:50EC82D2
    @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:29187573
    @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:BBAFC89E
    @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:BA41EC1A
    @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:7B60301F
    @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:693E8A55
    @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:7025E8E7
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL fixlog


Step 4.
Things I would like to see in your reply:

  • Answer to the question in the beginning of this post.
  • The results from the filescans from step 2.
  • The content of the fixlog from OTL in step 3.
  • Information on if you still get redirected.


I'm having some colleagues have a look at the redirect issue. I'll get back to you.
  • 0
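A fix script like the one in the post above acts on every line it is given, so it helps to summarise what it targets before pasting it into OTL. The Python below is an added example, not part of the original thread and not OTL's own code: the names `review_fix` and `ads_overview` are hypothetical, the line patterns are inferred from the script above, and reading C/M as created/modified is an assumption.

```python
import re
from collections import defaultdict

# Shortened excerpt of the fix script in the post above (values copied from it).
SAMPLE_FIX = r"""
:OTL
O3 - HKU\S-1-5-21-1199803121-450095120-661195697-1000\..\Toolbar\WebBrowser: (no name) - {2787EA8E-8D87-48AF-88AD-B30246C917AB} - No CLSID value found.
O3 - HKU\S-1-5-21-1199803121-450095120-661195697-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
[2010/08/27 10:59:15 | 000,000,000 | ---D | C] -- C:\Program Files\Zynga
[2010/09/02 14:15:41 | 000,013,156 | ---- | M] () -- C:\Users\LawClerkTS\Documents\cc_20100902_141536.reg
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:7FF7BEBC
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:CF2C26D2
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:FDAF118C
:Commands
[purity]
[emptytemp]
[emptyflash]
"""

# Line shapes inferred from the script above; they are not an official OTL grammar.
REG_RE = re.compile(r"^(?P<area>O\d+) - (?P<detail>.+)$")
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\(.*?\) )?-- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")
CMD_RE = re.compile(r"^\[(?P<name>\w+)\]$")


def review_fix(text):
    """Sort every line of a fix script into what it targets; keep the misfits."""
    summary = {"registry": [], "paths": [], "ads": defaultdict(list),
               "commands": [], "unrecognised": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):            # section directive such as :OTL or :Commands
            section = line[1:].lower()
            continue
        if section == "commands":
            m = CMD_RE.match(line)
            if m:
                summary["commands"].append(m.group("name"))
            else:
                summary["unrecognised"].append(line)
            continue
        if section != "otl":                # text outside any known section
            summary["unrecognised"].append(line)
            continue
        m = ADS_RE.match(line)
        if m:
            # The stream name follows the last colon; the drive colon stays with the host.
            host, _, stream = m.group("target").rpartition(":")
            if len(host) > 2 and "\\" not in stream:
                summary["ads"][host].append((stream, int(m.group("size"))))
            else:
                summary["unrecognised"].append(line)
            continue
        m = FILE_RE.match(line)
        if m:
            summary["paths"].append({
                "path": m.group("path"),
                "is_dir": "D" in m.group("attr"),
                "size": int(m.group("size").replace(",", "")),
                # Assumption: C/M mark a created/modified timestamp in OTL's listing.
                "stamp": {"C": "created", "M": "modified"}[m.group("kind")],
            })
            continue
        m = REG_RE.match(line)
        if m:
            summary["registry"].append((m.group("area"), m.group("detail")))
            continue
        summary["unrecognised"].append(line)
    return summary


def ads_overview(summary):
    """Per host object: (stream count, smallest size, largest size) in bytes."""
    return {host: (len(items), min(s for _, s in items), max(s for _, s in items))
            for host, items in summary["ads"].items()}


if __name__ == "__main__":
    result = review_fix(SAMPLE_FIX)
    print("registry entries :", len(result["registry"]))
    for p in result["paths"]:
        print("path             :", p["path"], "(folder)" if p["is_dir"] else f"({p['size']} bytes)")
    for host, (count, low, high) in ads_overview(result).items():
        print(f"ADS on {host}: {count} streams, {low}-{high} bytes")
    print("commands         :", ", ".join(result["commands"]))
    print("needs a manual look:", result["unrecognised"])
```

Anything that lands in `unrecognised` is a line the patterns could not classify and is worth reading by hand before the script is run.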

#45
MsChief

MsChief

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
When I try to uninstall Napster it starts the process but then I get "Setup.exe has stopped working"

VirSCAN.org Scanned Report :
Scanned time : 2010/09/23 13:05:48 (EDT)
Scanner results: Scanners did not find malware!
File Name : vsnpstd3.exe
File Size : 827392 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : fb0c8699b87f7140bb6201be7b4b6778
SHA1 : 0adb7509035af09aeaef8dc959c00f7e83190150
Online report : http://virscan.org/r...b3fea2a86c.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.0.0.19 20100922232349 2010-09-22 4.96 -
AhnLab V3 2010.09.16.01 2010.09.16 2010-09-16 1.90 -
AntiVir 8.2.4.60 7.10.12.22 2010-09-23 0.27 -
Antiy 2.0.18 20100923.5237653 2010-09-23 0.02 -
Arcavir 2009 201006281601 2010-06-28 0.01 -
Authentium 5.1.1 201009231225 2010-09-23 3.21 -
AVAST! 4.7.4 100923-0 2010-09-23 0.06 -
AVG 8.5.850 271.1.1/3154 2010-09-23 0.27 -
BitDefender 7.90123.6440287 7.34005 2010-09-24 4.61 -
ClamAV 0.96.1 12010 2010-09-23 0.16 -
Comodo 4.0 6166 2010-09-22 1.23 -
CP Secure 1.3.0.5 2010.09.23 2010-09-23 0.12 -
Dr.Web 5.0.2.3300 2010.09.24 2010-09-24 9.47 -
F-Prot 4.4.4.56 20100923 2010-09-23 3.08 -
F-Secure 7.02.73807 2010.09.23.11 2010-09-23 11.06 -
Fortinet 4.1.143 12.381 2010-09-22 0.45 -
GData 21.885/21.352 20100923 2010-09-23 9.23 -
ViRobot 20100922 2010.09.22 2010-09-22 0.11 -
Ikarus T3.1.32.15.0 2010.09.23.76787 2010-09-23 4.86 -
JiangMin 13.0.900 2010.08.30 2010-08-30 1.42 -
Kaspersky 5.5.10 2010.09.23 2010-09-23 0.14 -
KingSoft 2009.2.5.15 2010.9.22.7 2010-09-22 0.66 -
McAfee 5400.1158 6115 2010-09-23 18.89 -
Microsoft 1.6201 2010.09.23 2010-09-23 5.54 -
Norman 6.05.11 6.05.00 2010-09-02 8.04 -
Panda 9.05.01 2010.09.21 2010-09-21 2.02 -
Trend Micro 9.120-1004 7.484.11 2010-09-23 0.04 -
Quick Heal 11.00 2010.09.21 2010-09-21 2.35 -
Rising 20.0 22.66.00.07 2010-09-20 1.66 -
Sophos 3.11.2 4.57 2010-09-24 4.32 -
Sunbelt 3.9.2450.2 6908 2010-09-21 12.36 -
Symantec 1.3.0.24 20100923.003 2010-09-23 0.06 -
nProtect 20100922.02 9169085 2010-09-22 9.03 -
The Hacker 6.7.0.0 v00027 2010-09-21 0.39 -
VBA32 3.12.14.1 20100922.1024 2010-09-22 4.48 -
VirusBuster 4.5.11.10 10.128.8/2035165 2010-09-23 2.66 -


VirSCAN.org Scanned Report :
Scanned time : 2010/09/23 13:44:44 (EDT)
Scanner results: Scanners did not find malware!
File Name : tsnpstd3.exe
File Size : 270336 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 6cd72592f71f43e596fd3fec6d0c2066
SHA1 : 3e8c21493dab754a3ddc5f568a668138b30f310b
Online report : http://virscan.org/r...8d6be9ae86.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.0.0.19 20100922232349 2010-09-22 5.39 -
AhnLab V3 2010.09.16.01 2010.09.16 2010-09-16 2.30 -
AntiVir 8.2.4.60 7.10.12.22 2010-09-23 0.29 -
Antiy 2.0.18 20100923.5237653 2010-09-23 0.02 -
Arcavir 2009 201006281601 2010-06-28 0.01 -
Authentium 5.1.1 201009231225 2010-09-23 2.13 -
AVAST! 4.7.4 100923-0 2010-09-23 0.02 -
AVG 8.5.850 271.1.1/3154 2010-09-23 0.28 -
BitDefender 7.90123.6440287 7.34005 2010-09-24 5.20 -
ClamAV 0.96.1 12010 2010-09-23 0.08 -
Comodo 4.0 6166 2010-09-22 1.34 -
CP Secure 1.3.0.5 2010.09.23 2010-09-23 0.10 -
Dr.Web 5.0.2.3300 2010.09.24 2010-09-24 9.43 -
F-Prot 4.4.4.56 20100923 2010-09-23 2.42 -
F-Secure 7.02.73807 2010.09.23.11 2010-09-23 0.21 -
Fortinet 4.1.143 12.381 2010-09-22 0.37 -
GData 21.885/21.352 20100923 2010-09-23 6.43 -
ViRobot 20100922 2010.09.22 2010-09-22 0.39 -
Ikarus T3.1.32.15.0 2010.09.23.76787 2010-09-23 4.92 -
JiangMin 13.0.900 2010.08.30 2010-08-30 1.42 -
Kaspersky 5.5.10 2010.09.23 2010-09-23 0.15 -
KingSoft 2009.2.5.15 2010.9.22.7 2010-09-22 0.74 -
McAfee 5400.1158 6115 2010-09-23 22.86 -
Microsoft 1.6201 2010.09.23 2010-09-23 8.63 -
Norman 6.05.11 6.05.00 2010-09-02 8.02 -
Panda 9.05.01 2010.09.21 2010-09-21 4.52 -
Trend Micro 9.120-1004 7.484.11 2010-09-23 0.05 -
Quick Heal 11.00 2010.09.21 2010-09-21 2.73 -
Rising 20.0 22.66.00.07 2010-09-20 2.75 -
Sophos 3.11.2 4.57 2010-09-24 4.23 -
Sunbelt 3.9.2450.2 6908 2010-09-21 16.47 -
Symantec 1.3.0.24 20100923.003 2010-09-23 0.13 -
nProtect 20100922.02 9169085 2010-09-22 16.10 -
The Hacker 6.7.0.0 v00027 2010-09-21 0.60 -
VBA32 3.12.14.1 20100922.1024 2010-09-22 3.65 -
VirusBuster 4.5.11.10 10.128.8/2035165 2010-09-23 2.80 -


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\S-1-5-21-1199803121-450095120-661195697-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2787EA8E-8D87-48AF-88AD-B30246C917AB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2787EA8E-8D87-48AF-88AD-B30246C917AB}\ not found.
Registry value HKEY_USERS\S-1-5-21-1199803121-450095120-661195697-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\S-1-5-21-1199803121-450095120-661195697-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
C:\Program Files\Zynga folder moved successfully.
C:\Users\LawClerkTS\Documents\cc_20100902_141536.reg moved successfully.
File C:\Users\LawClerkTS\Documents\cc_20100902_141536.reg not found.
C:\Users\LawClerkTS\AppData\Roaming\GlarySoft\Glary Utilities\Backups folder moved successfully.
C:\Users\LawClerkTS\AppData\Roaming\GlarySoft\Glary Utilities folder moved successfully.
C:\Users\LawClerkTS\AppData\Roaming\GlarySoft\Absolute Uninstaller folder moved successfully.
C:\Users\LawClerkTS\AppData\Roaming\GlarySoft folder moved successfully.
C:\Users\LawClerkTS\AppData\Roaming\LimeWire\xml\schemas folder moved successfully.
C:\Users\LawClerkTS\AppData\Roaming\LimeWire\xml\misc folder moved successfully.
C:\Users\LawClerkTS\AppData\Roaming\LimeWire\xml\data folder moved successfully.
C:\Users\LawClerkTS\AppData\Roaming\LimeWire\xml folder moved successfully.
C:\Users\LawClerkTS\AppData\Roaming\LimeWire\themes\windows_theme folder moved successfully.
C:\Users\LawClerkTS\AppData\Roaming\LimeWire\themes folder moved successfully.
C:\Users\LawClerkTS\AppData\Roaming\LimeWire\promotion folder moved successfully.
C:\Users\LawClerkTS\AppData\Roaming\LimeWire\certificate folder moved successfully.
C:\Users\LawClerkTS\AppData\Roaming\LimeWire\.AppSpecialShare folder moved successfully.
C:\Users\LawClerkTS\AppData\Roaming\LimeWire folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LawClerkTS
->Temp folder emptied: 1103145 bytes
->Temporary Internet Files folder emptied: 54538016 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 10594 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3976 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 1069539 bytes

Total Files Cleaned = 54.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: LawClerkTS
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.12.1 log created on 09232010_155412

OTL by OldTimer - Version 3.2.12.1 log created on 09232010_155411

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


I will go on a few different pages now and update you if I'm still being redirected...


I am still being redirected to Google image search...

Edited by MsChief, 24 September 2010 - 07:41 AM.

  • 0





