I have an issue with a work PC where a link clicked on from a search engine results in a redirect to an unrelated site. After about 5 attempts on the same link, one can get to the site they were attempting to reach, but this is obviously not normal behavior. I have run the procedure for a fix here and had no luck. Unfortunately, some of the other "computer savvy guys" at the shop took a crack at it before the problem was brought to my attention. I do not know exactly how they attempted to solve the problem, nor do I know what other damage they may have caused. The system is Windows XP Professional, SP3. The problem occurs in Internet Explorer 8; there are no other web browsers installed to my knowledge.
OTL logfile created on: 11/14/2011 10:02:33 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = F:\Redirect removal
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1021.98 Mb Total Physical Memory | 534.67 Mb Available Physical Memory | 52.32% Memory free
1.28 Gb Paging File | 0.81 Gb Available in Paging File | 63.62% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.70 Gb Total Space | 39.00 Gb Free Space | 54.40% Space Free | Partition Type: NTFS
Drive D: | 568.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 37.24 Gb Total Space | 18.55 Gb Free Space | 49.79% Space Free | Partition Type: NTFS
Drive F: | 1.86 Gb Total Space | 1.28 Gb Free Space | 69.05% Space Free | Partition Type: FAT
Drive R: | 2779.26 Gb Total Space | 2712.74 Gb Free Space | 97.61% Space Free | Partition Type: NTFS
Computer Name: DRIVES | User Name: theresa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/11/14 09:45:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- F:\Redirect removal\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/09 16:56:40 | 000,417,112 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/07/01 06:57:32 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/27 06:33:43 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/12/09 10:23:58 | 000,059,392 | ---- | M] () -- C:\Program Files\Danfoss Drives\VLT Motion Control Tool\MCT 10 Set-up Software\MCTServ.exe
PRC - [2010/08/02 16:09:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/09 20:42:00 | 000,492,896 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2008/04/09 19:23:22 | 000,909,208 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2008/04/09 19:14:28 | 000,136,472 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2008/04/09 19:14:18 | 000,431,384 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008/04/09 19:11:24 | 002,595,792 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008/03/13 15:03:34 | 000,225,280 | ---- | M] (Schneider Automation) -- C:\WINDOWS\SYSTEM32\ModbusDrv.exe
PRC - [2005/09/13 15:22:52 | 000,049,152 | ---- | M] (Schneider Automation SAS) -- C:\WINDOWS\SYSTEM32\NA_Service.exe
PRC - [2004/06/30 14:33:04 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
========== Modules (No Company Name) ==========
MOD - [2011/08/09 16:43:20 | 000,130,904 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\ASCv4ExtMenu.dll
MOD - [2010/12/09 10:23:58 | 000,059,392 | ---- | M] () -- C:\Program Files\Danfoss Drives\VLT Motion Control Tool\MCT 10 Set-up Software\MCTServ.exe
MOD - [2010/06/17 15:27:22 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2008/04/09 20:42:00 | 000,492,896 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
MOD - [2008/04/09 17:46:56 | 001,328,408 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\fox.dll
MOD - [2001/09/24 07:59:00 | 000,045,056 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NavLogon.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/07/01 06:57:32 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 06:33:43 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/12/09 10:23:58 | 000,059,392 | ---- | M] () [Auto | Running] -- C:\Program Files\Danfoss Drives\VLT Motion Control Tool\MCT 10 Set-up Software\MCTServ.exe -- (MCT10 Service)
SRV - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2008/04/09 20:42:00 | 000,492,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2008/04/09 19:14:18 | 000,431,384 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/02/05 14:51:30 | 000,222,480 | ---- | M] (Cyberlogic Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\Cyberlogic\Ethernet MBX Driver\EMbxRpcS.exe -- (eMBX)
SRV - [2007/10/04 10:00:08 | 000,182,544 | ---- | M] (Cyberlogic Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Cyberlogic Shared\gMbxRpcS.exe -- (gMBX)
SRV - [2005/09/13 15:22:52 | 000,049,152 | ---- | M] (Schneider Automation SAS) [Auto | Running] -- C:\WINDOWS\SYSTEM32\NA_Service.exe -- (NA_Service)
========== Driver Services (SafeList) ==========
DRV - [2011/10/14 09:20:54 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2011/10/14 09:20:54 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tifsfilt.sys -- (tifsfilter)
DRV - [2011/10/14 09:20:45 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2011/10/14 09:20:39 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys -- (MBAMProtector)
DRV - [2011/07/01 06:57:35 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys -- (avipbb)
DRV - [2011/07/01 06:57:35 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys -- (avgntflt)
DRV - [2010/11/26 18:02:54 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/03/28 18:27:48 | 000,094,608 | ---- | M] (Cyberlogic Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CLMbxUsb.sys -- (CLMbxUsb) Cyberlogic MBX Driver (USB)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/27 14:40:30 | 000,019,968 | R--- | M] (BEC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBMotion.sys -- (USBMotion)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2004/04/26 10:49:56 | 000,381,056 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2003/11/30 21:54:20 | 000,043,136 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ser2pl.sys -- (Ser2pl)
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.0.1:9877
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.5: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
O1 HOSTS File: ([2011/11/14 09:38:12 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.micr...tualEarth3D.cab (Reg Error: Value error.)
O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} http://cadenas.partc...3d/cnsweb3d.cab (PARTcommunity 3D Web Viewer)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Value error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1122031458812 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} http://www.investors...ocx/plotwon.ocx (Plotwon Control)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,23/mcgdmgr.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B427887-88E1-4491-B6A2-7E417D2CF021}: NameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\SYSTEM32\NavLogon.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\theresa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\theresa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (relog_ap) -C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/06 09:27:32 | 000,000,079 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk E:\
O33 - MountPoints2\{4c907bd0-88e1-11de-83c0-001111afd579}\Shell - "" = AutoRun
O33 - MountPoints2\{4c907bd0-88e1-11de-83c0-001111afd579}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4c907bd0-88e1-11de-83c0-001111afd579}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/11/14 09:31:10 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/11/14 09:30:37 | 000,000,000 | ---D | C] -- C:\ERDNT
[2011/11/14 09:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/11/14 09:29:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/11/14 09:29:07 | 001,564,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\theresa\Desktop\TDSSKiller.exe
[2011/11/14 09:29:06 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\theresa\Desktop\erunt-setup.exe
[2011/11/14 09:29:06 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\theresa\Desktop\OTM.exe
[2011/11/14 08:06:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Acronis
[2011/11/11 14:30:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/11 14:25:01 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/11/11 08:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 4
[2011/11/10 14:02:49 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/10 09:28:19 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\theresa\Desktop\firefox.com
[2011/11/10 08:06:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/09 08:42:36 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/11/09 08:39:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\theresa\Application Data\Malwarebytes
[2011/11/09 08:39:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/11/08 08:05:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/11/08 08:04:51 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/11/08 08:04:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/10/20 07:15:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\theresa\Start Menu\Programs\Schneider Electric
[2011/10/20 06:45:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Schneider Electric
[2011/10/20 06:45:48 | 000,421,376 | ---- | C] (FTDI Ltd.) -- C:\WINDOWS\System32\FTDIUNIN.exe
[2011/10/20 06:45:48 | 000,102,472 | ---- | C] (Schneider Electric) -- C:\WINDOWS\System32\NA_XWAY.exe
[2011/10/20 06:45:48 | 000,057,820 | ---- | C] (FTDI Ltd.) -- C:\WINDOWS\System32\drivers\ftser2k.sys
[2011/10/20 06:45:48 | 000,048,625 | ---- | C] (FTDI Ltd.) -- C:\WINDOWS\System32\ftserui2.dll
[2011/10/20 06:45:48 | 000,045,056 | ---- | C] (Schneider Automation) -- C:\WINDOWS\System32\XwayMgrU.dll
[2011/10/20 06:45:48 | 000,036,864 | ---- | C] (FTDI) -- C:\WINDOWS\System32\FTLang.dll
[2011/10/20 06:45:48 | 000,024,369 | ---- | C] (FTDI Ltd.) -- C:\WINDOWS\System32\drivers\ftdibus.sys
[2011/10/20 06:45:47 | 000,491,520 | ---- | C] (Schneider Automation SAS) -- C:\WINDOWS\System32\XWAYMgr.cpl
[2011/10/20 06:45:47 | 000,167,936 | ---- | C] (Schneider Automation SAS) -- C:\WINDOWS\System32\NA_Config.exe
[2011/10/20 06:45:47 | 000,086,086 | ---- | C] (Schneider Automation SAS) -- C:\WINDOWS\System32\NA_MBP.exe
[2011/10/20 06:45:47 | 000,073,728 | ---- | C] (Schneider Automation SAS) -- C:\WINDOWS\System32\NA_Util.dll
[2011/10/20 06:45:47 | 000,061,440 | ---- | C] (Schneider Automation) -- C:\WINDOWS\WDTGR2.DLL
[2011/10/20 06:45:47 | 000,061,440 | ---- | C] (Schneider Automation SAS) -- C:\WINDOWS\Wnetway2.dll
[2011/10/20 06:45:47 | 000,049,152 | ---- | C] (Schneider Automation SAS) -- C:\WINDOWS\System32\NA_Service.exe
[2011/10/20 06:45:47 | 000,037,888 | ---- | C] (Schneider Automation) -- C:\WINDOWS\WCDTGR2.DLL
[2011/10/20 06:45:47 | 000,024,576 | ---- | C] (Schneider Automation) -- C:\WINDOWS\WNETWT32.DLL
[2011/10/20 06:45:23 | 000,327,757 | ---- | C] (Schneider Automation) -- C:\WINDOWS\System32\DrvModbus.dll
[2011/10/20 06:45:23 | 000,225,280 | ---- | C] (Schneider Automation) -- C:\WINDOWS\System32\ModbusDrv.exe
[2011/10/20 06:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\theresa\Application Data\InstallShield
[2011/10/19 14:18:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\theresa\Local Settings\Application Data\WinZip
[2011/10/19 13:29:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2011/10/19 13:28:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/10/19 13:28:28 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2011/10/19 12:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\Schneider Electric
[2005/02/03 14:01:43 | 000,589,824 | ---- | C] (Fred's Software Company) -- C:\Program Files\Printkey.exe
========== Files - Modified Within 30 Days ==========
[2011/11/14 09:39:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/11/14 09:39:31 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/14 09:39:14 | 000,000,322 | -HS- | M] () -- C:\WINDOWS\tasks\XGEO.job
[2011/11/14 09:39:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/11/14 09:39:11 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/14 09:38:12 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2011/11/14 09:29:40 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\theresa\Desktop\ERUNT.lnk
[2011/11/14 09:24:06 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\theresa\Desktop\OTM.exe
[2011/11/14 09:21:12 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\theresa\Desktop\erunt-setup.exe
[2011/11/14 09:19:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/14 08:36:50 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\system.ldb
[2011/11/11 15:48:16 | 001,564,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\theresa\Desktop\TDSSKiller.exe
[2011/11/11 14:59:01 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/11 08:50:58 | 000,000,930 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
[2011/11/11 08:50:58 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011/11/10 09:48:21 | 000,709,968 | ---- | M] () -- C:\WINDOWS\is-7FO1M.exe
[2011/11/10 09:48:21 | 000,010,498 | ---- | M] () -- C:\WINDOWS\is-7FO1M.msg
[2011/11/10 09:48:21 | 000,000,365 | ---- | M] () -- C:\WINDOWS\is-7FO1M.lst
[2011/11/10 09:28:30 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\theresa\Desktop\firefox.com
[2011/11/09 16:28:03 | 000,000,716 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/11/09 16:17:31 | 000,000,173 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/11/08 16:52:45 | 000,438,069 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20111109-164239.backup
[2011/11/08 08:05:03 | 000,000,985 | ---- | M] () -- C:\Documents and Settings\theresa\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/11/08 08:05:02 | 000,000,967 | ---- | M] () -- C:\Documents and Settings\theresa\Desktop\Spybot - Search & Destroy.lnk
[2011/11/07 12:45:55 | 000,069,120 | RHS- | M] () -- C:\WINDOWS\System32\imaadp32M.dll
[2011/11/07 06:56:59 | 000,515,686 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/11/07 06:56:59 | 000,091,246 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/10/20 15:34:00 | 000,000,052 | ---- | M] () -- C:\WINDOWS\ultimadll.INI
[2011/10/20 07:23:27 | 000,003,120 | ---- | M] () -- C:\WINDOWS\131894
[2011/10/19 15:12:17 | 385,277,952 | ---- | M] () -- C:\Documents and Settings\theresa\Desktop\POWERSUITE2.6.iso
========== Files Created - No Company Name ==========
[2011/11/14 09:29:40 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\theresa\Desktop\ERUNT.lnk
[2011/11/14 08:36:49 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\system.ldb
[2011/11/11 14:56:57 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011/11/11 14:56:47 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/11/11 14:32:05 | 1071,697,920 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/11 08:50:58 | 000,000,930 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
[2011/11/11 08:50:58 | 000,000,908 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011/11/10 09:48:21 | 000,709,968 | ---- | C] () -- C:\WINDOWS\is-7FO1M.exe
[2011/11/10 09:48:21 | 000,010,498 | ---- | C] () -- C:\WINDOWS\is-7FO1M.msg
[2011/11/10 09:48:21 | 000,000,365 | ---- | C] () -- C:\WINDOWS\is-7FO1M.lst
[2011/11/08 08:05:03 | 000,000,985 | ---- | C] () -- C:\Documents and Settings\theresa\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/11/08 08:05:02 | 000,000,967 | ---- | C] () -- C:\Documents and Settings\theresa\Desktop\Spybot - Search & Destroy.lnk
[2011/11/07 12:45:55 | 000,069,120 | RHS- | C] () -- C:\WINDOWS\System32\imaadp32M.dll
[2011/11/07 12:45:55 | 000,000,322 | -HS- | C] () -- C:\WINDOWS\tasks\XGEO.job
[2011/10/20 08:38:52 | 000,000,052 | ---- | C] () -- C:\WINDOWS\ultimadll.INI
[2011/10/20 07:23:27 | 000,003,120 | ---- | C] () -- C:\WINDOWS\131894
[2011/10/20 06:45:48 | 000,000,128 | ---- | C] () -- C:\WINDOWS\System32\FTDIUN2K.INI
[2011/10/20 06:45:47 | 000,013,888 | ---- | C] () -- C:\WINDOWS\WDTGR.DLL
[2011/10/20 06:45:47 | 000,008,096 | ---- | C] () -- C:\WINDOWS\WCDTGR.DLL
[2011/10/20 06:45:47 | 000,006,656 | ---- | C] () -- C:\WINDOWS\WNETWAY.DLL
[2011/10/20 06:45:47 | 000,004,064 | ---- | C] () -- C:\WINDOWS\WNETWT16.DLL
[2011/10/19 15:11:38 | 385,277,952 | ---- | C] () -- C:\Documents and Settings\theresa\Desktop\POWERSUITE2.6.iso
[2011/03/11 08:39:32 | 000,028,496 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/03/11 08:39:32 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/03/02 11:24:55 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/06/19 12:12:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CPC10Q.INI
[2008/09/10 08:44:53 | 000,000,817 | ---- | C] () -- C:\WINDOWS\VOLOV EReg.ini
[2008/07/30 09:57:46 | 000,087,312 | ---- | C] () -- C:\WINDOWS\System32\CybPass.dll
[2005/09/02 08:57:24 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\theresa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/02/14 13:05:44 | 000,009,717 | ---- | C] () -- C:\WINDOWS\extend.dat
[2005/01/06 09:20:37 | 000,000,183 | ---- | C] () -- C:\WINDOWS\PMX.INI
[2004/12/15 18:03:00 | 000,320,512 | R--- | C] () -- C:\WINDOWS\System32\W32mkde.exe
[2004/12/15 18:03:00 | 000,110,080 | R--- | C] () -- C:\WINDOWS\System32\W32mkrc.dll
[2004/12/15 18:02:59 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\Nwlocale.dll
[2004/12/15 18:02:59 | 000,000,772 | ---- | C] () -- C:\WINDOWS\Bti.ini
[2004/12/15 17:34:26 | 000,006,177 | ---- | C] () -- C:\WINDOWS\PAW35.INI
[2004/12/15 17:32:17 | 000,002,884 | ---- | C] () -- C:\WINDOWS\PAW50.INI
[2004/12/15 17:17:50 | 000,001,280 | ---- | C] () -- C:\WINDOWS\Paw70.ini
[2004/12/15 14:52:14 | 000,002,746 | ---- | C] () -- C:\WINDOWS\DevMgr.ini
[2004/12/15 14:49:58 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2004/12/15 13:58:15 | 000,000,285 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2004/12/15 13:58:14 | 000,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2004/12/15 08:13:47 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2004/12/15 08:13:46 | 000,000,611 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/14 17:33:02 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/12/09 18:58:28 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/09 18:53:43 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/12/09 18:49:59 | 000,000,173 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/12/09 18:35:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/12/09 18:34:48 | 000,515,686 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/12/09 18:34:48 | 000,091,246 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/12/09 18:21:52 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 18:25:56 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/11 18:20:10 | 000,193,776 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 18:14:38 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 18:12:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 11:31:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2004/08/11 11:31:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\SECUPD.DAT
[2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 06:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2004/07/19 17:01:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2004/05/26 16:09:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\DSRIRREM.EXE
[2003/06/25 01:38:06 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\win2000.dll
[2001/09/24 07:59:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[1997/07/11 00:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1997/07/11 00:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL
[1997/07/11 00:00:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL
[1997/07/11 00:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/11 00:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 00:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1996/08/20 19:37:20 | 000,015,840 | ---- | C] () -- C:\WINDOWS\System32\Machnm1.exe
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
========== LOP Check ==========
[2011/10/13 14:46:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2011/03/02 11:25:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2011/03/03 12:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Danfoss Drives
[2008/12/11 12:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PassMark
[2011/11/08 07:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/10/19 14:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/09/10 08:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theresa\Application Data\Autodesk
[2011/07/08 12:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theresa\Application Data\cadenas
[2011/03/02 11:25:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theresa\Application Data\Canneverbe Limited
[2011/11/11 08:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theresa\Application Data\IObit
[2005/01/18 16:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theresa\Application Data\Leadertech
[2008/03/12 11:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theresa\Application Data\MSNInstaller
[2011/10/03 14:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\theresa\Application Data\NCDrive
[2011/11/14 09:39:14 | 000,000,322 | -HS- | M] () -- C:\WINDOWS\Tasks\XGEO.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC359956
< End of report >
Edited by paladin181, 14 November 2011 - 09:37 AM.