Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

fsharproj (Trojan.BHO)


  • This topic is locked This topic is locked

#1
cyndi29

cyndi29

    Member

  • Member
  • PipPip
  • 56 posts
Yesterday my IE8 just stopped working. It would load but then I'd get a blank screen with a "diagnose connection problems" button. My internet was working fine, I was able to check email and use my messenger program. Only Internet Explorer wouldn't work. My son said it all started with he blocked a program from accessing the internet. The file shows up in my firewall's blocked programs as InternetClient.dll. HPOVST1132.exe is the file name and its located in the system32 folder.

I uninstalled IE8 and it automatically reverted to the last version installed. As soon as I ran it I got the firewall warning for the InternetClient file again. When I clicked on more info for the file...it brought me to McAfee Hackerwatch and the file had a different name but I can't remember it.

Did a mbam scan and it found this trojan - fsharproj (Trojan.BHO)

Here is my OTL Log.

OTL logfile created on: 4/30/2011 9:14:59 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Us\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.30 Gb Total Space | 2.02 Gb Free Space | 2.83% Space Free | Partition Type: NTFS
Drive E: | 649.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 465.76 Gb Total Space | 424.91 Gb Free Space | 91.23% Space Free | Partition Type: NTFS

Computer Name: OFFICE | User Name: Us | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/30 09:14:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Us\Desktop\OTL.exe
PRC - [2011/04/28 18:15:59 | 000,699,392 | ---- | M] (CrypKey Inc.) -- C:\WINDOWS\system32\termsrv32.exe
PRC - [2011/04/28 18:15:59 | 000,699,392 | ---- | M] (CrypKey Inc.) -- C:\WINDOWS\system32\hpovst1132.exe
PRC - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/12/21 16:23:26 | 001,154,848 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2010/11/17 15:32:47 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010/09/30 13:10:36 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2010/06/30 17:46:44 | 000,146,032 | ---- | M] (Portrait Displays Inc.) -- C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
PRC - [2010/06/30 17:46:32 | 000,121,456 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2010/06/30 17:46:08 | 000,129,648 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
PRC - [2010/05/13 17:34:48 | 000,711,792 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Pro Plugin\Floater.exe
PRC - [2010/05/13 17:34:42 | 000,674,928 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe
PRC - [2010/04/16 16:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2010/03/15 12:29:11 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/10/22 05:29:58 | 000,116,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
PRC - [2009/05/21 18:57:00 | 000,362,496 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
PRC - [2008/12/24 05:16:48 | 000,065,536 | R--- | M] (TPMX Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
PRC - [2008/06/24 21:06:22 | 000,904,768 | ---- | M] (Acronis) -- C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
PRC - [2008/06/24 20:56:52 | 000,136,472 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2008/06/24 20:56:38 | 000,431,384 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
PRC - [2008/06/24 20:52:18 | 001,325,848 | ---- | M] (Seagate) -- C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/07 17:04:10 | 000,610,304 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/03/07 16:41:14 | 000,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
PRC - [2007/10/14 21:38:52 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2006/02/10 18:17:04 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2003/11/06 18:51:32 | 000,020,480 | R--- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE
PRC - [2003/04/06 01:17:50 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe


========== Modules (SafeList) ==========

MOD - [2011/04/30 09:14:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Us\Desktop\OTL.exe
MOD - [2011/03/28 11:48:30 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/28 18:15:59 | 000,699,392 | ---- | M] (CrypKey Inc.) [Auto | Running] -- C:\WINDOWS\system32\hpovst1132.exe -- (lanmanworkstation32)
SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/12/21 14:46:46 | 000,045,056 | ---- | M] (Intuit) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/06/30 17:46:32 | 000,121,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2010/06/30 17:46:08 | 000,129,648 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe -- (Asset Management Daemon)
SRV - [2010/04/16 16:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/05/21 20:21:18 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/06/24 20:56:38 | 000,431,384 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2007/11/06 22:16:54 | 000,139,264 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/10/14 22:15:52 | 000,663,552 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)


========== Driver Services (SafeList) ==========

DRV - [2010/11/24 21:59:15 | 000,138,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2010/10/13 22:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 22:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 22:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 22:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/10/13 22:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 22:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/10/13 22:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/10/13 22:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/06/02 22:31:05 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/13 17:34:30 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\pivot.sys -- (Pivot)
DRV - [2010/05/13 17:34:28 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2010/04/28 08:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/04/16 16:34:10 | 000,017,136 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2010/03/01 01:08:52 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/03/01 01:08:52 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/27 17:43:21 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/02/27 17:43:21 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010/02/27 17:43:10 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/02/27 17:42:56 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/09/08 21:06:44 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/09/08 21:06:37 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/06/18 11:49:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/11/29 03:18:12 | 000,028,432 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/11/29 03:17:56 | 000,036,368 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/11/29 03:17:48 | 000,035,088 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/09/28 14:30:57 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2007/09/28 14:30:49 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2006/10/14 09:56:46 | 000,014,592 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pelusblf.sys -- (pelusblf)
DRV - [2006/09/14 10:48:58 | 000,016,768 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)
DRV - [2006/02/10 18:19:12 | 001,107,224 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/05 11:21:06 | 000,362,944 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WG11TND5.sys -- (AR5523)
DRV - [2003/11/17 21:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 21:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 21:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...html?channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 71 6B DD 01 49 90 EF 42 AA 21 F0 BC 3A F6 35 E7 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/28 23:12:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/04/23 04:25:03 | 000,000,000 | ---D | M]

[2009/09/25 18:21:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Us\Application Data\Mozilla\Extensions
[2009/09/25 18:21:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Us\Application Data\Mozilla\Extensions\[email protected]

Hosts file not found
O2 - BHO: (no name) - {01DD6B71-9049-42EF-AA21-F0BC3AF635E7} - C:\WINDOWS\system32\Audiodev32.dll ()
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101105055244.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - File not found
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [DT ACR] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (TPMX Electronics Ltd.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe ()
O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Turbine Download Manager Tray Icon] File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp officejet 4100 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\Us\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2010/01/28 10:06:42 | 000,000,000 | ---D | M]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_23.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - File not found
O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - File not found
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: cartoonnetwork.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: networksolutions.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: pagewizard.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: reverbnation.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([www] * in Trusted sites)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.co...ebInstaller.cab (SOE Web Installer)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} http://www.worldwinn...am/skillgam.cab (SkillGam Control)
O16 - DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} http://games.bigfish...Web.1.0.0.9.cab (CPlayFirstCookingDasControl Object)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinn...GamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinn...0/tpir/tpir.cab (TPIR Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} http://www.worldwinn...ut/brickout.cab (Brickout Control)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {3D3DBC64-0D21-4EA4-94EE-86D6D9B31C0C} http://www.worldwinn...t/moneylist.cab (MoneyList Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} http://www.worldwinn...jattack/bja.cab (BJA Control)
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinn...ersolitaire.cab (SpiderSolitaire Control)
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} http://www.worldwinn...x/blockwerx.cab (Blockwerx Control)
O16 - DPF: {64CD313F-F079-4D93-959F-4D28B5519449} http://www.worldwinn...dy/jeopardy.cab (Jeopardy Control)
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} http://www.worldwinn...ll/freecell.cab (FreeCell Control)
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} http://avatar.mabino...eb.2009.4.9.cab (MabinogiWebAvatarRenderer Class)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefi...er_5.0.31.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin..../p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} http://www.worldwinn...jo/wordmojo.cab (WordMojo Control)
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinn...eweledtwist.cab (BejeweledTwist Control)
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} http://www.worldwinn...cubis/cubis.cab (Cubis Control)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab (WoF Control)
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinn...man/hangman.cab (Hangman Control)
O16 - DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} http://www.worldwinn...ly/monopoly.cab (Monopoly Control)
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} http://www.worldwinn...ty/tilecity.cab (Tilecity Control)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.to...31.5/ttinst.cab (Reg Error: Key error.)
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinn...h/dinerdash.cab (DinerDash Control)
O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} http://www.worldwinn...i/mysterypi.cab (MysteryPI Control)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} http://www.buzme.com...sage_Player.cab (RingCentral Message Player Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://cambridgecon...ing/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} http://www.worldwinn...sol/golfsol.cab (GolfSol Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2005\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\ialmuCHT32.dll) - C:\WINDOWS\system32\ialmuCHT32.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Us\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Us\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/30 09:14:30 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Us\Desktop\OTL.exe
[2011/04/30 06:10:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/04/29 20:58:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/04/29 18:20:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Letters from Nowhere 2
[2011/04/28 18:16:05 | 000,699,392 | ---- | C] (CrypKey Inc.) -- C:\WINDOWS\System32\termsrv32.exe
[2011/04/28 18:16:02 | 000,699,392 | ---- | C] (CrypKey Inc.) -- C:\WINDOWS\System32\hpovst1132.exe
[2011/04/23 09:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Jet Set Go
[2011/04/16 01:10:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Us\Application Data\Cosmonaut Games
[2011/04/12 01:03:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Us\Application Data\DreamWoods2ScreenShot
[2011/04/07 23:17:56 | 000,000,000 | ---D | C] -- C:\Program Files\BCL Technologies
[2011/04/01 12:43:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Us\Application Data\aliasworlds
[2011/04/01 12:43:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\aliasworlds
[2011/03/31 22:05:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Us\My Documents\gegl-0.0
[2006/08/21 22:23:51 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[1 C:\Documents and Settings\Us\Desktop\*.tmp files -> C:\Documents and Settings\Us\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Us\*.tmp files -> C:\Documents and Settings\Us\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/30 09:14:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Us\Desktop\OTL.exe
[2011/04/30 08:46:15 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/30 08:46:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/29 20:58:56 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2011/04/29 20:58:53 | 000,195,752 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/04/29 20:58:25 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1396279854-1895948733-4224212417-1006.job
[2011/04/29 20:58:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/29 18:39:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/29 18:29:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/28 20:14:04 | 000,000,020 | ---- | M] () -- C:\WINDOWS\System32\108f50d0
[2011/04/28 19:54:34 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Us\Desktop\Microsoft Office Word 2003.lnk
[2011/04/28 18:16:05 | 000,000,106 | ---- | M] () -- C:\WINDOWS\System32\983646368
[2011/04/28 18:16:04 | 000,171,008 | ---- | M] () -- C:\WINDOWS\System32\ialmuCHT32.dll
[2011/04/28 18:16:01 | 000,312,832 | ---- | M] () -- C:\WINDOWS\System32\Audiodev32.dll
[2011/04/28 18:15:59 | 000,699,392 | ---- | M] (CrypKey Inc.) -- C:\WINDOWS\System32\termsrv32.exe
[2011/04/28 18:15:59 | 000,699,392 | ---- | M] (CrypKey Inc.) -- C:\WINDOWS\System32\hpovst1132.exe
[2011/04/26 07:30:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1396279854-1895948733-4224212417-1006.job
[2011/04/23 10:31:36 | 000,007,917 | ---- | M] () -- C:\Documents and Settings\Us\.recently-used.xbel
[2011/04/23 09:21:45 | 000,000,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Jet Set Go.lnk
[2011/04/22 20:20:12 | 000,001,142 | ---- | M] () -- C:\Documents and Settings\Us\Desktop\ Mabinogi .lnk
[2011/04/18 00:20:39 | 000,042,321 | ---- | M] () -- C:\Documents and Settings\Us\My Documents\Grandchamp - Pay1040_receipt 2010.pdf
[2011/04/18 00:16:13 | 000,030,739 | ---- | M] () -- C:\Documents and Settings\Us\My Documents\Grandchamp 2010 State Taxes.pdf
[2011/04/18 00:15:38 | 000,034,665 | ---- | M] () -- C:\Documents and Settings\Us\My Documents\Grandchamp 2010 Taxes.pdf
[2011/04/15 22:23:33 | 000,010,148 | ---- | M] () -- C:\Documents and Settings\Us\My Documents\Murphy - 2010_Federal_Form_4868.pdf
[2011/04/13 14:32:14 | 000,263,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/13 09:00:50 | 000,446,122 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/13 09:00:50 | 000,073,344 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/08 00:47:55 | 000,001,210 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2011/04/08 00:47:55 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Letters from Nowhere 2.lnk
[2011/04/07 23:24:43 | 000,518,144 | ---- | M] () -- C:\Documents and Settings\Us\My Documents\Bates of Weymouth MA.FTW
[2011/04/07 23:24:43 | 000,518,144 | ---- | M] () -- C:\Documents and Settings\Us\My Documents\Bates of Weymouth MA.FBK
[2011/04/07 23:24:43 | 000,000,074 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI
[1 C:\Documents and Settings\Us\Desktop\*.tmp files -> C:\Documents and Settings\Us\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Us\*.tmp files -> C:\Documents and Settings\Us\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/28 18:46:03 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\108f50d0
[2011/04/28 18:16:04 | 000,171,008 | ---- | C] () -- C:\WINDOWS\System32\ialmuCHT32.dll
[2011/04/28 18:16:02 | 000,000,106 | ---- | C] () -- C:\WINDOWS\System32\983646368
[2011/04/28 18:16:01 | 000,312,832 | ---- | C] () -- C:\WINDOWS\System32\Audiodev32.dll
[2011/04/23 10:31:36 | 000,007,917 | ---- | C] () -- C:\Documents and Settings\Us\.recently-used.xbel
[2011/04/23 09:21:45 | 000,000,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Jet Set Go.lnk
[2011/04/18 00:20:39 | 000,042,321 | ---- | C] () -- C:\Documents and Settings\Us\My Documents\Grandchamp - Pay1040_receipt 2010.pdf
[2011/04/18 00:16:13 | 000,030,739 | ---- | C] () -- C:\Documents and Settings\Us\My Documents\Grandchamp 2010 State Taxes.pdf
[2011/04/18 00:15:38 | 000,034,665 | ---- | C] () -- C:\Documents and Settings\Us\My Documents\Grandchamp 2010 Taxes.pdf
[2011/04/15 22:23:33 | 000,010,148 | ---- | C] () -- C:\Documents and Settings\Us\My Documents\Murphy - 2010_Federal_Form_4868.pdf
[2011/04/08 00:47:55 | 000,001,210 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2011/04/08 00:47:55 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Letters from Nowhere 2.lnk
[2011/04/04 06:31:58 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2011/01/29 01:34:34 | 000,000,319 | ---- | C] () -- C:\WINDOWS\bbbconfig.dat
[2010/12/25 13:25:13 | 000,007,432 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2010/06/25 01:00:20 | 000,781,624 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/15 18:39:02 | 000,000,018 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/05/15 18:39:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/05/03 00:30:17 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/04/28 23:09:33 | 000,023,159 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/04/28 22:39:46 | 000,077,398 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/04/21 09:26:59 | 002,427,248 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_heroes.exe
[2010/02/27 18:18:18 | 000,001,269 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010/01/13 18:27:45 | 000,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/01/13 18:26:39 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009/12/27 14:53:34 | 000,012,054 | R--- | C] () -- C:\WINDOWS\hpwscr20.dat
[2009/12/27 14:47:20 | 000,178,613 | ---- | C] () -- C:\WINDOWS\hpwins20.dat
[2009/12/27 14:47:20 | 000,002,428 | R--- | C] () -- C:\WINDOWS\hpwmdl20.dat
[2009/12/21 02:24:09 | 000,000,190 | ---- | C] () -- C:\WINDOWS\settings.ini
[2009/11/11 19:26:13 | 000,000,096 | -H-- | C] () -- C:\WINDOWS\System32\HsInfo.dat
[2009/11/03 10:08:21 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Us\Application Data\klm3h2685iznfddj54bx6
[2009/10/22 18:03:15 | 000,012,812 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
[2009/10/22 18:03:15 | 000,000,318 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
[2009/10/22 18:02:51 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\PELCPEXT.DLL
[2009/10/22 18:02:51 | 000,032,010 | R--- | C] () -- C:\WINDOWS\System32\PelCPExt.ini
[2009/10/22 18:02:51 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL
[2009/10/22 18:02:51 | 000,020,480 | R--- | C] () -- C:\WINDOWS\System32\FSRremoS.EXE
[2009/10/19 19:05:24 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/14 08:48:10 | 000,017,559 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-DDXL Student 2.1.0.dat
[2009/10/14 08:24:46 | 000,131,584 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2009/10/01 21:45:40 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2009/10/01 21:45:39 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2009/09/19 19:20:42 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Us\Application Data\PnkBstrK.sys
[2009/09/19 19:20:12 | 000,215,016 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/09/03 18:45:16 | 000,000,121 | ---- | C] () -- C:\WINDOWS\disney.ini
[2009/09/03 18:44:52 | 000,000,205 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2009/07/08 21:03:02 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll
[2009/06/30 09:51:16 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Us\Application Data\setup_ldm.iss
[2009/06/23 22:36:27 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/06/23 22:36:27 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/06/23 22:36:26 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/06/23 22:36:26 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/06/23 22:36:26 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2009/06/23 22:36:26 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/06/23 22:36:26 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/06/23 22:36:26 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009/06/23 22:34:55 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/06/11 20:21:42 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\psfind.dll
[2009/02/20 14:15:10 | 000,014,880 | ---- | C] () -- C:\Documents and Settings\Us\Local Settings\Application Data\slot1.mm1
[2009/02/14 01:05:19 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2009/02/14 01:04:40 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2009/02/14 01:04:39 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/12/18 10:31:00 | 000,003,558 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\profiles.xml
[2008/08/07 20:27:13 | 000,001,188 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/07/06 23:54:53 | 000,046,873 | ---- | C] () -- C:\WINDOWS\System32\unil.exe
[2008/06/18 19:47:57 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008/05/03 22:25:18 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/02/13 01:35:53 | 000,001,729 | ---- | C] () -- C:\WINDOWS\yahtzee.ini
[2008/02/08 23:46:52 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2008/02/08 23:45:38 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2008/02/08 23:45:38 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2007/10/22 22:30:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2007/10/20 11:54:57 | 000,001,589 | ---- | C] () -- C:\WINDOWS\KidWorld.INI
[2007/10/20 09:05:15 | 000,000,059 | ---- | C] () -- C:\WINDOWS\Cloud9.ini
[2007/10/20 08:39:52 | 000,000,102 | ---- | C] () -- C:\WINDOWS\hulabee.ini
[2007/10/19 21:29:34 | 000,000,023 | ---- | C] () -- C:\WINDOWS\CANDYLND.INI
[2007/07/31 22:08:23 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/07/31 22:08:23 | 000,192,512 | R--- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2007/07/31 22:08:23 | 000,149,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin
[2007/07/31 22:08:23 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2007/07/23 01:11:44 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2007/07/19 22:09:36 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/07/19 22:08:51 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
[2007/07/17 22:14:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007/05/15 00:15:45 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Us\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/04 11:30:24 | 000,000,208 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/12/31 08:32:32 | 000,000,412 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2006/11/15 22:47:11 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2006/10/21 16:03:11 | 000,000,560 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/09/13 19:22:39 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\96269EB20E.sys
[2006/09/13 19:22:38 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/08/27 16:42:28 | 000,000,040 | ---- | C] () -- C:\WINDOWS\RSoftInfo.dat
[2006/08/22 21:47:01 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Us\Local Settings\Application Data\fusioncache.dat
[2006/08/21 22:17:11 | 000,000,043 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/08/21 21:49:36 | 000,024,579 | ---- | C] () -- C:\Documents and Settings\Us\Application Data\Comma Separated Values (Windows).ADR
[2006/08/21 20:58:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/17 14:21:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/17 14:15:37 | 000,000,124 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/17 14:11:54 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/08/17 14:06:17 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/08/17 13:44:38 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/08/17 13:44:14 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 13:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 12:57:15 | 000,263,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 12:51:35 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/10 12:51:35 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/10 12:51:35 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/10 12:51:35 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/10 12:51:35 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/08/10 12:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 12:51:20 | 000,446,122 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 12:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 12:51:20 | 000,073,344 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 12:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 12:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 12:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 12:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 12:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 12:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 12:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 12:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/09 16:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/12/22 00:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdventureChronicles1
[2009/12/14 01:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2011/04/01 12:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aliasworlds
[2010/04/30 23:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ancestry.com
[2008/06/05 22:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astar Games
[2010/02/01 23:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BanzaiInteractive
[2009/08/25 18:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BarbarianGames
[2009/11/08 01:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Becky Brogan
[2011/03/01 23:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2009/02/22 20:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games Vancouver
[2010/12/26 01:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BLG
[2009/09/13 15:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brainiversity2
[2009/08/10 22:59:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Candy Factory
[2007/03/27 22:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/12/03 00:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Curious Sense
[2010/05/06 23:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Deadtime Stories
[2008/11/09 14:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ERS G-Studio
[2008/06/17 17:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
[2008/03/23 23:56:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum
[2009/05/30 00:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fashion Finder
[2010/04/13 17:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fenomen Games
[2008/07/09 20:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios
[2010/03/27 00:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2010/06/20 00:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
[2011/04/22 07:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2010/01/10 00:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
[2010/12/20 00:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Funny Bear Studio
[2009/01/05 18:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2008/06/18 18:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gamelab
[2009/06/21 23:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GAMESHASTRA
[2008/11/20 10:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii Games
[2008/11/23 16:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gold Casual Games
[2010/01/27 23:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Green Clover Games
[2009/09/11 07:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HideAndSecret3
[2011/02/13 02:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2009/06/25 21:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IntDreams
[2010/06/01 00:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2010/04/04 16:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterAction studios
[2009/09/27 23:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2010/05/15 01:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KrissX
[2009/12/05 01:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/08/01 21:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Little Games Company
[2010/03/13 00:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2009/06/05 23:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mean Hamster
[2009/11/13 23:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2010/10/19 23:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/09/23 00:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2011/01/23 02:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Namco
[2009/11/16 23:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NBC Direct
[2008/08/28 13:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2008/12/01 22:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeptunesAdve
[2008/12/06 13:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NevoSoft Games
[2010/09/28 05:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2010/10/13 21:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2009/02/07 01:31:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nick Chase A Detective Story
[2010/05/03 00:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2008/09/14 22:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
[2007/11/30 19:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2008/03/06 00:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberonv1005
[2009/09/15 08:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Once Upon a Time in Chicago
[2011/01/05 02:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Particles
[2010/08/04 00:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2011/02/06 13:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008/12/22 00:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayPond
[2008/11/29 15:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2010/08/11 09:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/08/17 23:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
[2009/08/23 01:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Princess Isabella
[2009/04/05 17:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickClick
[2008/11/22 16:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redrum
[2008/08/25 19:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Roblox
[2008/08/26 09:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RobloxDownloads
[2009/01/24 17:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rumbic Studio
[2010/12/20 03:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2010/02/27 17:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/08/10 11:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Slapdash Games
[2009/10/01 23:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SOS
[2008/09/20 01:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2010/05/03 01:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2011/02/06 02:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SugarGames
[2011/02/06 13:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
[2009/02/07 23:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2011/04/23 09:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/15 23:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
[2010/06/21 01:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Game Equation
[2011/02/07 03:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Revills Games
[2008/08/06 08:23:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheRace_dev
[2010/04/11 00:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Top Evidence
[2010/01/21 00:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2008/02/22 00:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/06/16 17:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualFarm
[2009/01/25 00:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildWestQuest2
[2010/01/08 00:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/01/10 00:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2009/11/24 23:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wrinkle-free Games
[2008/12/20 00:17:51 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Us\Application Data\.#
[2010/10/08 15:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\.minecraft
[2010/01/19 23:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\7thsense
[2011/03/18 00:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Alawar
[2011/04/01 12:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\aliasworlds
[2009/03/19 22:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Anabel
[2009/07/13 00:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Argonyt
[2010/09/22 00:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Artifact Quest
[2009/06/02 22:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Artogon
[2011/04/11 00:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Awem
[2009/04/22 23:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Azuaz Games
[2009/08/14 01:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Babylonia
[2008/07/10 21:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\bang
[2010/02/01 23:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\BanzaiInteractive
[2009/08/25 18:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\BarbarianGames
[2009/09/05 18:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Batovi
[2007/01/27 03:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Beep Industries
[2009/12/17 10:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Big Fish Games
[2009/06/21 00:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\BlamGames
[2010/12/26 01:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\BLG
[2008/03/26 00:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\BloodTies
[2010/12/26 03:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Boolat Games
[2010/06/06 01:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Boomzap
[2009/12/22 22:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\BrokenHearts
[2009/06/07 22:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Camel101
[2009/10/20 09:49:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\casanova
[2009/12/05 02:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Cat's Eye Games
[2008/11/17 00:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\cerasus.media
[2010/03/11 23:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\CKK
[2011/04/16 01:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Cosmonaut Games
[2009/12/03 00:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Curious Sense
[2009/11/01 21:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Dekovir
[2010/09/06 23:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\DigirononGames
[2009/09/03 19:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Disney Interactive Studios
[2010/12/25 13:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\DisplayTune
[2010/12/13 04:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Dreamsdwell Stories 2
[2011/04/12 01:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\DreamWoods2ScreenShot
[2011/03/02 01:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\EleFun Games
[2009/11/03 10:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\ElementalsTheMagicKey
[2009/05/11 23:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Enchanted Katya
[2009/10/10 15:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Enki Games
[2010/06/12 23:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\ERS G-Studio
[2010/02/07 02:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Evoly
[2009/06/13 00:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Faerie Solitaire
[2009/12/02 23:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\FairyNook
[2011/03/27 01:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Farm Mania 2.1
[2008/07/28 17:16:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\FarmerJane
[2011/01/05 02:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\FBI
[2009/08/09 00:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Flood Light Games
[2010/06/20 00:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Floodlight Games
[2011/01/03 02:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\FlyWheelGames
[2009/10/04 10:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\FOG Downloader
[2008/04/26 18:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\ForgottenRiddles
[2010/01/03 23:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Friday's games
[2011/01/22 17:57:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\FriendsGamesNetwork
[2008/03/08 09:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\FrimaStudio
[2010/12/19 03:19:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\funkitron
[2010/03/18 23:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\G-HeadGames
[2008/05/22 23:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Gaijin Ent
[2008/11/30 23:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\GameInvest
[2008/11/15 14:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\gamelab
[2009/08/03 23:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Games
[2010/05/15 00:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\GamesCafe
[2009/06/21 23:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\GAMESHASTRA
[2009/11/15 16:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\GetRightToGo
[2008/08/17 22:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Go-Go Gourmet Chef of the Year
[2008/11/20 10:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Gogii Games
[2008/11/23 16:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Gold Casual Games
[2011/02/09 02:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\GoldSunGames
[2010/01/27 23:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Green Clover Games
[2011/04/23 10:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\gtk-2.0
[2009/10/25 23:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\GTM_Bodie
[2011/04/02 00:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\HdO Adventure
[2009/06/13 00:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Hidden Island Data
[2009/02/08 00:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\HSA
[2009/06/18 09:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\HuruBeachParty
[2009/10/05 18:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\IDM
[2009/12/13 00:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\iMaxGen
[2011/01/16 00:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\InImages
[2009/05/25 23:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\IronCode
[2008/10/12 01:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\iWin
[2010/12/19 01:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Jane s Hotel 3
[2008/08/10 23:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\JewelMatch2
[2009/12/21 02:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\JoyBits
[2010/04/30 23:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\KeyingTool
[2009/10/18 01:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\KlickTock
[2009/11/09 00:19:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Lazy Turtle Games
[2006/09/14 22:23:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Leadertech
[2009/08/01 21:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Little Games Company
[2010/04/29 22:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Little Noir Stories
[2009/03/15 23:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Lost in the City
[2010/03/13 00:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Ludia
[2009/08/26 00:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\MA
[2008/08/29 15:38:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Magic Academy
[2009/11/02 08:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Magic Academy 2
[2009/09/13 01:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\MagicBall4
[2009/08/20 02:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\MBT
[2009/06/05 23:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Mean Hamster
[2010/03/24 23:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\MemoryClinic
[2009/10/05 18:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Meridian93
[2009/11/13 23:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Merscom
[2010/06/19 00:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\My Games
[2011/01/23 02:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Namco
[2009/11/16 23:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\NBC Direct
[2010/03/18 22:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Nevosoft
[2008/09/14 22:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Oberon Games
[2009/09/15 08:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Once Upon a Time in Chicago
[2008/10/10 23:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\panoramik
[2009/02/14 01:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\pdf995
[2009/05/30 23:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Pi Eye Games
[2010/05/22 21:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\PirateGalaxy
[2011/02/06 13:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\PlayFirst
[2008/06/30 14:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Playrix Entertainment
[2009/08/17 23:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\PoBros
[2009/07/21 23:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Pogo Games
[2009/06/14 22:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Purple Patch Games
[2009/07/13 01:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Quirky Games
[2010/04/29 09:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\RainbowGames
[2008/08/25 00:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Righteous Kill
[2009/01/26 00:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\RobinsonCrusoe
[2009/01/08 23:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Sahmon Games
[2009/11/22 01:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Scholastic
[2008/10/26 17:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\SecretIslandEng
[2008/12/05 00:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Shape games
[2009/08/02 22:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\she_is_a_shadow
[2010/07/07 21:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Skunk Studios
[2011/01/26 16:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Sony Online Entertainment
[2010/12/29 02:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Spark Plug Games
[2009/08/30 00:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\SprillRichiEng
[2008/08/03 23:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Sudden Games
[2009/08/09 23:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\SulusGames
[2010/12/13 01:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Supermarket Mania 2
[2010/08/04 00:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\TaxCut
[2009/12/25 13:48:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\The Creative Assembly
[2009/09/20 23:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\TikisLab
[2009/09/03 23:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\TimeMachine
[2009/11/04 01:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\TitanicMystery
[2010/04/11 00:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Top Evidence
[2010/04/12 01:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Total Eclipse
[2009/12/12 01:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Trio
[2009/05/03 22:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Twintale Entertainment
[2009/03/29 23:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Ubisoft
[2008/12/06 16:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Unity
[2010/11/22 02:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\URSE Games
[2009/07/02 23:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\V-Games
[2010/01/18 01:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Valusoft
[2009/10/01 23:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\VampireSaga
[2011/01/29 01:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Vasilek Games
[2008/10/26 12:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Viewpoint
[2011/02/26 03:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\ViquaSoft
[2011/01/31 01:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\Virtual Prophecy
[2011/02/19 10:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\wargaming.net
[2010/10/30 13:57:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\webex
[2011/02/25 03:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\World-Loom
[2011/04/18 02:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Us\Application Data\YoudaGames
[2007/02/23 23:37:22 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 4100 series#1156216422.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C63E7DE2
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:569CEE83
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41A00CF0
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8EBAB95
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4573A78F
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7291A24
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A6D6CB4
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2249B7E
@Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F1019FF
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:522EA216
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C46995DA
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91B3E405
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:86725A4F
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2832349A
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B352B60
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D06FB9C
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:87452B14
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:759B7D6F
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56C17A93
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C4AB79AE
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE0BAFE1
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BCDBBA6D
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E76E7F3
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CC32B31
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:123A86B5
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91FFEC32
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:83BAA24B
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C0940F1
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:583FE1DA
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8F070C2
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7B4296D
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:908A1B53
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:35A821F5
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35AE645
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E14FA16F
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:816255C3
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:217A2A36
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0EEFE3F0
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FAB64002
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:898D0B77
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80F63EC3
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C0887BF
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EB79F01
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:140AD176
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:06EAFA0B
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1610EDC
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8F9D810
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CA8D6B60
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC733A73
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:76953F21
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4BB4F863
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4AA3DAA3
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32FFF2D1
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32ED8AE7
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E99D1D3C
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:596E2371
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55C54F7C
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F28299B
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:193CB03B
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A97C6729
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88A44CC1
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E3F04BC
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:054F0F17
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EDC744FB
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A01F3A87
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FCB9D0D
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:512336B9
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E9900C74
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C10635F6
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC1F7CAE
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ABE818FA
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A59DD4AD
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BE8BFCD
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C75AF4C
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3571475C
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2727F067
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:147A3409
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13EF4AF6
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E660858
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3A89E47
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89C28CF6
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88E8CC2E
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E895790F
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3790BACD
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29187573
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2775F9E2
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F38B460
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E5A5AE9
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E027789A
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB82C54F
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9DAC67BE
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C528C86
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40EE25BB
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:03D08225
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FED25C29
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC0279DC
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9E9A5F9
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A966CC2
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41884BBE
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BFCDF84
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:014BC3B4
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1DEA771
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF5B3572
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF38B79C
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:937C8022
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56C66609
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0ADB5110
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07348C09
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F84B8DB5
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E83EE313
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1E64E47
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4F0E644
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:983B4DC0
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93D985FC
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E082023
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6259454D
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FEFEAEF
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52C24010
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B07E6F4
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1E7308B6
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0ED4AC2F
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E55CE2D1
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DDCD5068
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DAE3649B
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D46D2E5A
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB16385F
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5FC8FA1
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97995ED4
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CCDAB14
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:848CC150
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71B89F61
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4ADB39BA
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:417B6FAC
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA701346
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8CB831A
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53DF59D1
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D186293
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:329BA65B
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20240A47
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E84CA8F2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5DE9C8F
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3C72D5F
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE67221
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B7E8561
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:834DD57E
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5025C6E4
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC2D0F32
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E3E060F
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B2BD056
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97C4F81F
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FA346B6
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68AEEB4D
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FA4CB99
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1992908D
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9987109
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A774141A
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B9B0020
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:92A815D8
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:592D7272
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3539CD43
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2871B698
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:237E4B91
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A4BF204
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16C16B18
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E9495818
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6CDFB4A
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A58B27C9
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A57500CB
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:988216DA
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94874C0A
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67C320D1
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C6EBC69
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53DF4438
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D3CB929
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED194880
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E80802C7
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD629819
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D6AB0F79
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDCD8531
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:620EC79A
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52B3B2D1
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B1195DD
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26FBC1F9
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13DF9DD1
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7B49FBF
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B18C4339
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B0EB578B
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A02025CE
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A00BCDEF
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89C22C79
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F6462DF
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:22741C1F
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F96ED45
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1968990D
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:101708D3
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:072F1F69
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E2B84483
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DB779A93
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C72A744C
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8944C195
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:880F0FEF
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FD903D7
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6017A808
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BC73C48
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55BB2521
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:49F896E9
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:453190EC
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:405D842B
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EA99C48
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F6AC518
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B3B557D
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08801FDB
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD000392
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CA23BCFD
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDCD0530
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B2CD146E
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AE9351E0
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA60673F
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9331E9D2
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7F4DB476
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6AF67671
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4440A77E
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10E111E1
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC60E0F8
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F36BFA23
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC4C59B4
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4F63AED
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:842B0AED
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B2BB690
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FD219F5
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:65B8AF94
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60C897F3
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40BAD1B0
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3815BC84
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:225CD7D5
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17639624
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0DAD93FF
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1F936DF
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E51234A9
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CD9109D4
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B722BCE5
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B2735F9E
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6881EE7
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4076A3B
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A05F750A
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FE17A89
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69D59C23
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BB7898D
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E06C78F
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:393F7B1E
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:35A81752
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18897B1D
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A18D1A5B
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B52659E
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68EF6203
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52A22573
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C6CB897
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:19C3BC3A
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1740DC47
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB40BC91
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D46ECFD5
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2032EBB
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8E29393
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C5E2BAEE
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:870649A4
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5345C8F6
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F93516B
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:21C2E351
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D92485C9
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D055FC10
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7843388
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBA7E1
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6CDBCAC
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:831C6B2D
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15E76ABF
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:086DE893
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E9B5CB53
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA9A5EA8
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2D4B33E
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB52BE62
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B5988350
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:701B92FB
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C5ABDC7
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27C3CD07
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1DEE6B65
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FEB0595A
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA206A00
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E07EA07E
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3251D01
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7715B65F
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57176330
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC5EFA15
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5294695
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C67CB31A
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45F3AD49
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40D8F125
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:164FA86E
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D52F295
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D3CE40A
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FEEEFFAD
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC2E567F
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1175E1D
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F01E7F17
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D708EEF9
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F827F9E
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7547DA5B
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BE7E50E
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:385E2CFD
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BC498A4
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09161C63
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07241935
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5B69884
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9FD258B
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0A9D0E7
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DF68137
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88B61AC3
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BCA993F
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1588BAB5
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FECEF728
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F437A62A
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F0AB86C0
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E3F37A7D
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E3CEEC4C
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C36B1175
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A384652A
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:969C0C96
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:699C6EB5
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FE42FFC
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F0007D6
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25249477
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:090FB735
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02B823FE
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:00F7B10F
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE892EFB
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0A2E219
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9F68E699
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9DF07E8F
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A0EFE63
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67BA17B9
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4AEAF2B6
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40512067
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09064307
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0DCD8D7
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A5207FA
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0860D6D6
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57CC1FDC
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BE20CF3
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC8FFA4E
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EEB25EAE
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C40E212B
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BFAD7A5D
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BD9F7E4E
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69AF9D20
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:551BED5F
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33DB8278
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F0A5896
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AE9FB004
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8EEC29FB
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3A659780
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12D2EB9C
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88698068
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:667565EE
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4AA2F6A9
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C282BEA
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:342886D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C5BC70E
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED810E46
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC2381A4
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C74009E5
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:538A9F02
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:47408F84
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D36932D
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C9CD455
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE6EED8B
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0D17155
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A757EE0B
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7881FECE
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FE30352
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2342AE46
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE87230
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15752405
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7DA2BCD
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:96C05DC7
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:506E1E25
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43982D5E
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A8BB29B
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:00D5EBC2

< End of report >


Not sure if you wanted the extras.txt log or not..but here it is

OTL Extras logfile created on: 4/30/2011 9:14:59 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Us\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.30 Gb Total Space | 2.02 Gb Free Space | 2.83% Space Free | Partition Type: NTFS
Drive E: | 649.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 465.76 Gb Total Space | 424.91 Gb Free Space | 91.23% Space Free | Partition Type: NTFS

Computer Name: OFFICE | User Name: Us | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"57338:TCP" = 57338:TCP:*:Enabled:Pando Media Booster
"57338:UDP" = 57338:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"57338:TCP" = 57338:TCP:*:Disabled:Pando Media Booster
"57338:UDP" = 57338:UDP:*:Disabled:Pando Media Booster
"56173:TCP" = 56173:TCP:*:Disabled:Pando Media Booster
"56173:UDP" = 56173:UDP:*:Disabled:Pando Media Booster
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"58929:TCP" = 58929:TCP:*:Enabled:Pando Media Booster
"58929:UDP" = 58929:UDP:*:Enabled:Pando Media Booster
"1056:TCP" = 1056:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:America Online 9.0a
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\HP Software Update\hpwucli.exe" = C:\Program Files\Hewlett-Packard\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\WINDOWS\system32\hpovst1132.exe" = C:\WINDOWS\system32\hpovst1132.exe:*:Enabled:Windows Update Service -- (CrypKey Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\RingCentral\BuzMe\RCUI.exe" = C:\Program Files\RingCentral\BuzMe\RCUI.exe:*:Enabled:RingCentral
"C:\Program Files\Intuit\QuickBooks 2005\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2005\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager -- (Intuit, Inc.)
"C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Civilization4.exe" = C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 Gold -- (Firaxis Games)
"C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Warlords\Civ4Warlords.exe" = C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4: Warlords -- (Firaxis Games)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Program Files\Namco Bandai Games\Warhammer Battle March\Warhammer.exe" = C:\Program Files\Namco Bandai Games\Warhammer Battle March\Warhammer.exe:*:Enabled:Warhammer Battle March
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:America Online 9.0
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Disabled:America Online 9.0a
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Disabled:AOL
"C:\Documents and Settings\Us\Local Settings\Temporary Internet Files\Content.IE5\KVZ1NL8A\FreakyCreaturesDownloader[1].exe" = C:\Documents and Settings\Us\Local Settings\Temporary Internet Files\Content.IE5\KVZ1NL8A\FreakyCreaturesDownloader[1].exe:*:Disabled:Abandon Interactive
"C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe" = C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2 -- ()
"C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService
"C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService
"D:\setup\HPZNUI01.EXE" = D:\setup\HPZNUI01.EXE:*:Enabled:hpznui01.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Steam\SteamApps\common\empire total war\Empire.exe" = C:\Program Files\Steam\SteamApps\common\empire total war\Empire.exe:*:Enabled:Empire: Total War -- (The Creative Assembly Ltd)
"F:\nicks stuff\BFBC2Updater.exe" = F:\nicks stuff\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\HP Software Update\hpwucli.exe" = C:\Program Files\Hewlett-Packard\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"F:\Program Files\Warhammer.exe" = F:\Program Files\Warhammer.exe:*:Enabled:Warhammer Battle March -- (Black Hole Entertainment)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"F:\Nexon\Vindictus\en-US\NMService.exe" = F:\Nexon\Vindictus\en-US\NMService.exe:*:Enabled:Nexon Messenger Core
"C:\WINDOWS\system32\hpovst1132.exe" = C:\WINDOWS\system32\hpovst1132.exe:*:Enabled:Windows Update Service -- (CrypKey Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00F93853-D9D3-4795-A89E-84CCBA0205C9}" = Microsoft IntelliPoint 8.0
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Pro Plugin
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
"{03CDDD00-BD57-4326-9480-4C74449AF597}" = PhotoStitch
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A422-40A5-BD20-04BF618CA0F9}" = QuickBooks Pro 2010
"{093625E3-7B87-49D3-AA53-AD0FCFABAF49}" = Camera Window
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0E549A13-2B3D-4633-BA41-DC88C2D6F9A3}" = ProductContext
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1147FF9A-D576-4cb5-B5E7-FCA21D1E7D26}" = J4680
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{127B684B-A002-44C8-99A7-6CF8F1E26873}" = PunkBuster for Battlefield 1942
"{133312C1-ED9D-47C6-B130-140D66D2A444}" = Ancestry World Archives Project - Keying Tool
"{15CCBC5D-66A7-4131-8D36-E05F27B0E68F}" = Sibelius Scorch (ActiveX Only)
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{188C0E25-3D65-4DAC-9C00-7483FBA4C7EB}" = Status
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks Closed Beta v.0.6.2.7
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 23
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3825B383-7880-48C8-AADD-49B0D764B151}" = 4660_4680_Help
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{50802F8E-03B4-479D-A643-16DE5A3586CB}" = BPDSoftware_Ini
"{51123D42-6B9C-4B93-900C-29F9EC5963C9}" = NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67335AB1-6341-4f87-A5B4-7FA92CEB77A4}" = HP Officejet All-In-One Series
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112731397}" = Wheel of Fortune 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112923253}" = Private Eye
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112930333}" = Lottso! Deluxe
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{913B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{91510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A586DC50-B18D-48FB-B7CC-A598200457C2}" = Acer eDisplay Management
"{A6A9D7C4-1E5B-42FD-98F5-E067A942AEE1}" = AQUAZONE "Virtual Aquarium Collection"
"{A8C3083C-A1C1-4248-B0E2-14A7D9F2E9EF}" = BCL easyConverter SDK 1.0.0 Module
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{AD708DF0-9F04-4CB3-821A-85804A833B4D}" = ArcSoft Camera Suite
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B702CCCE-3176-4DBF-B932-D1B8F402F330}" = Digital Content Portal
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}" = RemoteCapture 2.7.0
"{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}" = EVGA Display Driver
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Seagate DiscWizard
"{C877BDC3-5D93-7A0B-8836-15163B33D351}" = Rome: Total War Gold Edition
"{CABAEEF9-DB89-9ACB-97E0-44D156FAC6AD}" = Diner Dash
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CECB5CA0-6908-45EA-B18E-64C61B11DA99}" = Family Tree Maker 2008
"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D3737952-FF6E-4E72-BDEE-B0DC1C69F80B}" = BPD_HPSU
"{D81FBA6E-5492-4C46-BAE3-3A9242C27210}" = TaxCut Basic + Efile 2008
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam™
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB5F211D-85D5-44C4-BB15-1207C77EF430}" = Visual C++ 8.0 Runtime Setup Package
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = File Viewer Utility 1.2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4EAEBEA-3E46-43b8-A63C-AD180AE86918}" = BPDSoftware
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F50DB9DC-2D10-4646-BBC2-958865D01D28}" = S4 League_EU
"{FCC07EEA-FA18-4A21-9105-9666603C6885}" = McAfee Virtual Technician
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AOL Toolbar" = AOL Toolbar
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BFGC" = Big Fish Games: Game Manager
"BFG-Jet Set Go" = Jet Set Go
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"DDXL Student 2.1.0" = DDXL Student 2.1.0
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Diner Dash" = Diner Dash (remove only)
"Family Tree Maker" = Family Tree Maker 7.0
"GameSpy Arcade" = GameSpy Arcade
"Guild Wars" = Guild Wars
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{093625E3-7B87-49D3-AA53-AD0FCFABAF49}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}" = Canon Utilities RemoteCapture 2.7
"InstallShield_{CECB5CA0-6908-45EA-B18E-64C61B11DA99}" = Family Tree Maker 2008
"InstallShield_{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = Canon Utilities File Viewer Utility 1.2
"Mabinogi" = Mabinogi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"MouseSuite98" = Mouse Suite
"MSC" = McAfee SecurityCenter
"NVIDIA Drivers" = NVIDIA Drivers
"Pdf995" = Pdf995 (installed by TaxCut)
"PdfEdit995" = PdfEdit995 (installed by TaxCut)
"PhotoRecord" = Canon PhotoRecord
"Pirate Poppers" = Pirate Poppers (remove only)
"PROSet" = Intel® PRO Network Connections Drivers
"PunkBusterSvc" = PunkBuster Services
"RealArcade" = RealArcade
"RealPlayer 12.0" = RealPlayer
"StarCraft II" = StarCraft II
"Steam App 10500" = Empire: Total War
"Verizon Help and Support" = Verizon Help and Support Tool
"Verizon High Speed Internet_is1" = Verizon High Speed Internet
"Warhammer Online - Age of Reckoning" = Warhammer Online - Age of Reckoning
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahtzeev1" = Yahtzee
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Us
"FamilySearch Indexing (www.familysearchindexing.org)" = FamilySearch Indexing (www.familysearchindexing.org)
"SOE-Clone Wars" = Clone Wars
"Sparkplayer (Beta)" = Sparkplayer (Beta)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/29/2011 7:35:45 PM | Computer Name = OFFICE | Source = Application Error | ID = 1000
Description = Faulting application PresentationFontCache.exe, version 3.0.6920.1427,
faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 4/29/2011 7:38:11 PM | Computer Name = OFFICE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2010": Connection
Error:Invalid user ID or passwo

Error - 4/29/2011 7:38:11 PM | Computer Name = OFFICE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2010": Connection
String:CON=QBConnectionPool-Probe-QB_data_engine_20; ;DBF=C:\Documents and Settings\All
Users\Documents\Intuit\QuickBooks\Company Files\Empty Net.QBW;ENG=QB_data_engine_20;DBN=c6f06b3290e34f52ab01397985042e

Error - 4/29/2011 7:38:11 PM | Computer Name = OFFICE | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2010": DBConnPool::HandleConnectionError
errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1036 from
function:'DBMgr::DBConnPool::ini

Error - 4/29/2011 8:40:23 PM | Computer Name = OFFICE | Source = Application Error | ID = 1000
Description = Faulting application intuitsyncmanager.exe, version 3.2.20.4007, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 4/29/2011 8:40:24 PM | Computer Name = OFFICE | Source = Application Error | ID = 1000
Description = Faulting application QBCFMonitorService.exe, version 4.0.4007.19398,
faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 4/29/2011 8:58:39 PM | Computer Name = OFFICE | Source = Application Error | ID = 1000
Description = Faulting application intuitsyncmanager.exe, version 3.2.20.4007, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 4/29/2011 8:58:52 PM | Computer Name = OFFICE | Source = Application Error | ID = 1000
Description = Faulting application QBCFMonitorService.exe, version 4.0.4007.19398,
faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 4/29/2011 9:01:23 PM | Computer Name = OFFICE | Source = Application Error | ID = 1001
Description = Fault bucket -1939486941.

Error - 4/29/2011 9:01:26 PM | Computer Name = OFFICE | Source = Application Error | ID = 1001
Description = Fault bucket -2085717666.

[ System Events ]
Error - 4/29/2011 6:24:09 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 4/29/2011 6:24:41 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the mcmscsvc service.

Error - 4/29/2011 6:25:11 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the McNaiAnn service.

Error - 4/29/2011 6:27:13 PM | Computer Name = OFFICE | Source = DCOM | ID = 10010
Description = The server {E0EC0F2B-773D-4DD7-BE6C-7D85D6AA6269} did not register
with DCOM within the required timeout.

Error - 4/29/2011 7:35:54 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Windows Presentation
Foundation Font Cache 3.0.0.0 service to connect.

Error - 4/29/2011 7:35:54 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000
Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service failed
to start due to the following error: %%1053

Error - 4/29/2011 8:41:11 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the QBCFMonitorService service
to connect.

Error - 4/29/2011 8:42:38 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 4/29/2011 8:59:37 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the QBCFMonitorService service
to connect.

Error - 4/29/2011 9:01:07 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.


< End of report >
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, and sorry for the delay

Could you confirm that the system no longer boots - also what file did MBAM report ?

Please print these instruction out so that you know what you are doing

Latest version: v3.1.46.0


OTLPENet.exe
MD5=79209302A1AFB2490808DB890A815CED
Size: 127,222,215b / 121.3MB

  • Download this scan.txt to a USB drive
  • Download OTLPENet.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)

  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Double click the Custom scans and fixes box
  • In the dialogue locate the scan.txt you have on the USB
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0

#3
cyndi29

cyndi29

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Hi,

Yes the computer will not boot past the blue screen no matter if i try start normally or safe mode.

So how will I download OTLPENet.exe to my desktop if I can't get to the desktop? Should I be saving that file to the USB also?

Should I be doing these first couple of steps on this (functioning) computer and then taking the CD to the other infected computer?

Here is the mbam report I got on the first scan

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6475

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/29/2011 8:36:58 PM
mbam-log-2011-04-29 (20-36-58).txt

Scan type: Quick scan
Objects scanned: 163153
Time elapsed: 1 hour(s), 6 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\localservice\application data\02000000ada2154f1231c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\02000000ada2154f1231o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\02000000ada2154f1231p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\02000000ada2154f1231s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000ada2154f1231c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000ada2154f1231o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000ada2154f1231p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000ada2154f1231s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Should I be doing these first couple of steps on this (functioning) computer and then taking the CD to the other infected computer?

Yes burn the CD on the working system then use it to boot the poorly one :) Using a USB to transfer the scan.txt, which is a series of directions as to where I need OTL to look
  • 0

#5
cyndi29

cyndi29

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
How long should it take to burn the CD. I've been sittign here with a 0% extracting box for a 1/2 hour now.
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It should take no more than 10 minutes - could you stop and retry the burn
  • 0

#7
cyndi29

cyndi29

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Hi,

I've retried it twice. Nothing happens. It asks if I want to burn the CD. I say yes. A box pops up saying 0% extracting and then nothing happens.
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Lets see if there is a restore point we can use - this may return the virus but at least we will have a bootable system with which to work

We will use an mobile operating system called xPUD, and a script called rst.sh to restore your computer.

On the clean computer.

Creating a bootable USB using xPUD
  • Please download the following files and save it to the desktop
  • Insert the USB device to make bootable to the computer. (Make sure that no other USB's are inserted)
  • Double-click on unetbootin.exe to run
  • Select Disk Image, ISO and in the space provided, enter the path location of xpud-0.9.2.iso (ex. C:\Documents and Settings\yourusername\Desktop\xpud-0.9.2.iso)
  • Select USB Drive type and the drive letter assigned to your USB stick.
  • Click "OK" and wait until the program finishes. You now have a bootable xPUD.
  • Download the following tool and save it inside the bootable USB

Please note: if you prefer to create a bootable CD using xPUD, you may download the ISO image found here and burn it to a CD.



On the infected computer.
  • Reboot your system using the xPUD bootable USB you just created.
    Note : If you do not know how to set your computer to boot from USB follow the steps here
  • Your system should now display a xPUD desktop.
  • Select on the File icon; on the right pane click on the "mnt" folder and highlight "sdb1" - this is your USB device.

    sda1,2...usually corresponds to your HDD
    sdb1 is likely your USB

  • Click on the "Tool" menu and select Open Terminal
    Posted Image
  • In the open terminal window, type in the following:

    bash rst.sh
  • Press "Enter" and let it run uninterrupted.
    (The program lists available Restore Points and will save a report enum.log located in the USB drive.)
  • The program is finished when it say's "Done".
  • Type "Exit" to close the terminal window.
  • Please attached the enum.log file in your reply. (You may remove your USB drive when transferring log to a clean computer).

Please note: If you have an ethernet connection you can access the internet by way of xPUD (Firefox). You can perform all these steps on your sick computer. When you download the download will reside in the Download folder. It can be found under the File tab also. You can similarly access our thread by way of this OS too so you can send the logs that way.
  • 0

#9
cyndi29

cyndi29

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Hi Essexboy,

That worked so far. The only thing I'm not sure of is how to include the log file. Since I'm on the infected computer and using the xPUD interface, I wasn't able to figure out how to open the log and copy and paste. So I've attached it as an attachment.Attached File  enum.log   2.03KB   131 downloads

47.5M May 2 12:29 /mnt/sda2/WINDOWS/system32/config/SOFTWARE
8.0M May 2 18:33 /mnt/sda2/WINDOWS/system32/config/SYSTEM

47.3M Apr 9 12:37 /sda2/~/RP1500/~SOFTWARE
47.3M Apr 30 13:25 /sda2/~/RP1511/~SOFTWARE
47.3M Apr 30 13:36 /sda2/~/RP1512/~SOFTWARE
47.3M Apr 30 13:37 /sda2/~/RP1513/~SOFTWARE
47.3M May 1 07:00 /sda2/~/RP1514/~SOFTWARE
47.3M May 2 03:15 /sda2/~/RP1515/~SOFTWARE
47.3M May 2 03:27 /sda2/~/RP1516/~SOFTWARE
47.3M May 2 03:29 /sda2/~/RP1517/~SOFTWARE
47.3M May 2 03:38 /sda2/~/RP1518/~SOFTWARE
47.3M May 2 03:39 /sda2/~/RP1519/~SOFTWARE
47.3M May 2 03:40 /sda2/~/RP1520/~SOFTWARE
47.3M May 2 03:41 /sda2/~/RP1521/~SOFTWARE
47.3M May 2 03:42 /sda2/~/RP1522/~SOFTWARE
47.3M May 2 03:47 /sda2/~/RP1523/~SOFTWARE
47.3M May 2 04:06 /sda2/~/RP1524/~SOFTWARE
47.3M May 2 11:33 /sda2/~/RP1525/~SOFTWARE
47.3M May 2 11:43 /sda2/~/RP1526/~SOFTWARE
47.3M May 2 11:44 /sda2/~/RP1527/~SOFTWARE
47.3M May 2 11:45 /sda2/~/RP1528/~SOFTWARE
47.3M May 2 11:47 /sda2/~/RP1529/~SOFTWARE
47.3M May 2 11:48 /sda2/~/RP1530/~SOFTWARE
47.3M May 2 12:06 /sda2/~/RP1531/~SOFTWARE
47.3M May 3 07:00 /sda2/~/RP1532/~SOFTWARE
8.0M Apr 9 12:37 /sda2/~/RP1500/~SYSTEM
8.0M Apr 30 13:25 /sda2/~/RP1511/~SYSTEM
8.0M Apr 30 13:36 /sda2/~/RP1512/~SYSTEM
8.0M Apr 30 13:37 /sda2/~/RP1513/~SYSTEM
8.0M May 1 07:00 /sda2/~/RP1514/~SYSTEM
8.0M May 2 03:15 /sda2/~/RP1515/~SYSTEM
8.0M May 2 03:27 /sda2/~/RP1516/~SYSTEM
8.0M May 2 03:29 /sda2/~/RP1517/~SYSTEM
8.0M May 2 03:38 /sda2/~/RP1518/~SYSTEM
8.0M May 2 03:39 /sda2/~/RP1519/~SYSTEM
8.0M May 2 03:40 /sda2/~/RP1520/~SYSTEM
8.0M May 2 03:41 /sda2/~/RP1521/~SYSTEM
8.0M May 2 03:43 /sda2/~/RP1522/~SYSTEM
8.0M May 2 03:47 /sda2/~/RP1523/~SYSTEM
8.0M May 2 04:06 /sda2/~/RP1524/~SYSTEM
8.0M May 2 11:33 /sda2/~/RP1525/~SYSTEM
8.0M May 2 11:43 /sda2/~/RP1526/~SYSTEM
8.0M May 2 11:44 /sda2/~/RP1527/~SYSTEM
8.0M May 2 11:45 /sda2/~/RP1528/~SYSTEM
8.0M May 2 11:47 /sda2/~/RP1529/~SYSTEM
8.0M May 2 11:48 /sda2/~/RP1530/~SYSTEM
8.0M May 2 12:06 /sda2/~/RP1531/~SYSTEM
8.0M May 3 07:00 /sda2/~/RP1532/~SYSTEM
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let's see if there is an available registry backup we can use to help get your computer booting properly
  • Boot the Sick computer with the USB drive again
  • Press File
  • Expand mnt
  • Expand your USB (sdb1)
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash rst.sh -r
  • Type RP1514
  • Press Enter
  • After it has finished a report will be located at sdb1 named restore.log
  • Please try to boot into normal Windows now and indicate if you were successful

Please note - all text entries are case sensitive

Copy and paste the restore.log from your USB drive for my review
  • 0

Advertisements


#11
cyndi29

cyndi29

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Well that didn't seem to work. I was able to restore to RP1514 but when I tried to reboot I would get to the windows splash screen and then the blue screen saying windows was shut down to protect your computer.

I tried a couple of restore points 1512 and 1500. Same thing happened with those two.

I have my windows restore CD....maybe we can restore the system files from that?

Here is the log file.

Attached File  restore.log   133bytes   138 downloads
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The system restore CD may well just reformat the drive and delete all your data - what is the make of the computer ?

Also is it a full windows CD or a company restore cd ?
  • 0

#13
cyndi29

cyndi29

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Its a Windows XP SP2 CD. I attempted to use the windows recovery process but I didn't know what to do once I was in there. So I left it alone and exited.

It's a Dell computer but the Windows CD was sent to me directly from Microsoft when I requested it for another computer that needed the installation CD but the system didn't come with one.

If we have to wipe it out.....can I backup my files through the xPUD interface first?

Thanks so much for all your help, by the way, I really appreciate it.

Cyndi
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
As it is a full XP cd - then we can try a repair install first, this will keep all your documents and settings safe. All you will need to do is re-install your programmes

You can back up your data using xpud

We have a tutorial here for doing a repair install http://www.geekstogo...air-windows-xp/
Have a read and let me know what you think
  • 0

#15
cyndi29

cyndi29

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
As a last resort then I suppose I'd have to try the repair. But I would rather not if I don't have to as I may not be able to access/reinstall all the programs again.

Is there anything else we could try before we do that?

I backed up my My Documents folder to the second hard drive in the system.

I also have a Dell supplied reinstallation CD but not really sure if it was from this computer or not.

Thanks,
Cyndi

Edited by cyndi29, 05 May 2011 - 03:14 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP