Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

ping.exe-Malware? [Solved]


  • This topic is locked This topic is locked

#1
JScottL

JScottL

    Member

  • Member
  • PipPip
  • 10 posts
Yesterday when I was using my computer I noticed that it seemed to be running very slowly. When I did a Crt/Alt/Del to see if I could find the problem.I saw that the CPU was running 100% When I looked at the process tab it showed ping.exe using the most of the CPU. At times it was going at 700k. Then later on it would be running normally(the computer) and then it would go back 100% I have been looking up to see if this is Malware and I do not know whether or not it is Malware. I have no idea where I would have picked it up. I was running Facebook at the time and then I was playing World of Warcraft and it was running choppy. I ran PC Matic this morning to see if that would fix the problem but it did not. I am a scared person when trying to fix things for the fear of ruining my computer. I am also getting ads to pop out of nowhere. I use Firefox and it tries to open 3 tabs and 2 of the tabs have errors on them and the other 1 has the ad. I hope I have put this in the right spot to find out what I need to do. I am looking forward to working with you. I found you when I was checking for information about this. Please I remember I don't know what I am doing, so I am trusting this site to help me out. If you need more information I will try and get it for you. Thank you and Have Nice Day. Scott


OTL logfile created on: 12/8/2011 2:19:36 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Scott Lembke\My Documents\My Games
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 71.98% Memory free
5.72 Gb Paging File | 5.11 Gb Available in Paging File | 89.30% Paging File free
Paging file location(s): C:\pagefile.sys 3072 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 225.88 Gb Total Space | 24.02 Gb Free Space | 10.63% Space Free | Partition Type: NTFS

Computer Name: YOUR-85A8F7B8EC | User Name: Scott Lembke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/08 14:17:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott Lembke\My Documents\My Games\OTL.exe
PRC - [2011/12/08 12:22:10 | 000,079,872 | ---- | M] () -- C:\WINDOWS\Temp\hki9949.exe
PRC - [2011/11/28 10:53:47 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/30 10:04:09 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011/05/10 12:33:20 | 000,382,104 | ---- | M] (PC Pitstop LLC) -- C:\Program Files\PCPitstop\PC MaticRT\PCPitstopRTService.exe
PRC - [2010/09/24 12:19:08 | 000,057,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2010/08/26 16:48:00 | 000,285,152 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
PRC - [2010/08/26 16:47:00 | 004,577,760 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
PRC - [2008/04/13 18:12:31 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ping.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/08/02 11:33:50 | 000,080,528 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Nexon\Mabinogi\npkcmsvc.exe
PRC - [2005/08/18 00:00:00 | 001,434,112 | ---- | M] (Lavalys, Inc.) -- C:\Program Files\Lavalys\EVEREST Home Edition\everest.bin
PRC - [2004/10/25 11:35:32 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2004/10/25 11:35:32 | 000,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2004/10/25 11:35:30 | 000,278,528 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2004/04/15 16:45:22 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
PRC - [2003/08/13 14:23:00 | 000,106,496 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
PRC - [2003/08/13 14:07:22 | 000,094,208 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/08 12:22:10 | 000,079,872 | ---- | M] () -- C:\WINDOWS\Temp\hki9949.exe
MOD - [2011/11/28 10:53:46 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/16 20:01:28 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/11 13:50:10 | 000,193,904 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat\datRT\libMachoUniv.dll
MOD - [2011/10/11 13:50:08 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat\datRT\libBase64.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/04 17:48:32 | 000,456,192 | ---- | M] () -- C:\WINDOWS\system32\encdec.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/08/26 16:48:00 | 000,285,152 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
MOD - [2010/08/26 16:47:00 | 004,577,760 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
MOD - [2010/07/09 15:38:00 | 000,286,720 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiLib.dll
MOD - [2010/03/23 03:21:40 | 000,300,368 | ---- | M] () -- C:\Program Files\PCPitstop\PC MaticRT\vipre.dll
MOD - [2010/02/05 12:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2010/02/03 10:31:02 | 000,282,624 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvcLib.dll
MOD - [2008/06/20 10:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 10:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/03/24 22:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2006/04/28 19:27:00 | 000,038,576 | ---- | M] () -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\tray.dll
MOD - [2005/08/05 14:01:54 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\VBICodec.ax
MOD - [2005/08/05 13:06:50 | 000,165,376 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2004/10/11 20:51:40 | 000,223,232 | ---- | M] () -- C:\Program Files\PCPitstop\PC MaticRT\sqlite3.dll
MOD - [2003/05/30 15:47:26 | 000,024,576 | ---- | M] () -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SVps.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011/09/26 11:28:14 | 000,091,816 | ---- | M] (PC Pitstop LLC) [On_Demand | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2011/09/20 20:07:57 | 003,542,616 | ---- | M] () [On_Demand | Stopped] -- c:\Program Files\Common Files\Akamai\netsession_win_b31de1e.dll -- (Akamai)
SRV - [2011/05/10 12:33:20 | 000,382,104 | ---- | M] (PC Pitstop LLC) [Auto | Running] -- C:\Program Files\PCPitstop\PC MaticRT\PCPitstopRTService.exe -- (PCPitstop Realtime)
SRV - [2011/04/08 09:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [On_Demand | Stopped] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010/09/24 12:19:16 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/09/24 12:19:16 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/09/24 12:19:08 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/09/24 12:19:08 | 000,057,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/09/01 14:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/08/26 16:48:00 | 000,285,152 | ---- | M] () [On_Demand | Running] -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2010/06/29 07:04:18 | 000,020,480 | ---- | M] (AG Interactive) [On_Demand | Stopped] -- C:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe -- (AGCoreService)
SRV - [2010/03/29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/01/19 13:59:00 | 003,595,660 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2010/01/04 12:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/26 07:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 07:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/08/02 11:33:50 | 000,080,528 | ---- | M] (INCA Internet Co., Ltd.) [Auto | Running] -- C:\Nexon\Mabinogi\npkcmsvc.exe -- (npkcmsvc)
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [On_Demand | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2004/11/02 17:42:42 | 001,826,816 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2004/10/25 11:35:34 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2004/10/25 11:35:32 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2004/10/25 11:35:32 | 000,118,784 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2004/10/25 11:35:30 | 000,278,528 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2004/06/22 13:58:14 | 000,733,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-VideoServer-UPnP) VAIO Media Video Server (UPnP)
SRV - [2004/06/22 13:58:14 | 000,733,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2004/06/16 05:42:34 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-VideoServer-HTTP) VAIO Media Video Server (HTTP)
SRV - [2004/06/16 05:42:34 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2004/06/16 05:41:06 | 000,188,416 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2004/04/15 16:45:22 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe -- (SonicStageMonitoring)
SRV - [2003/10/30 14:48:10 | 001,286,144 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe -- (VAIOMediaPlatform-VideoServer-AppServer)
SRV - [2003/08/13 14:23:00 | 000,106,496 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe -- (Sony TVTA Manager)
SRV - [2003/08/13 14:10:04 | 000,118,784 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe -- (Sony TV Tuner Controller)
SRV - [2003/08/13 14:07:22 | 000,094,208 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe -- (Sony TV Tuner Manager)


========== Driver Services (SafeList) ==========

DRV - [2011/11/30 23:18:58 | 000,163,712 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\vidstub.sys -- (BootScreen)
DRV - [2010/06/14 14:04:30 | 000,069,976 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2010/06/14 14:04:30 | 000,021,464 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2010/02/03 10:21:56 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/11/06 07:26:36 | 000,642,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
DRV - [2008/07/26 09:26:54 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/07/26 09:26:42 | 004,658,584 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)
DRV - [2008/07/26 09:26:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 09:25:46 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/26 07:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/06/14 07:58:50 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/04/13 12:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2008/01/18 03:00:00 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/10/11 19:59:12 | 001,920,920 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2007/04/11 15:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/04/11 15:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/04/11 15:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/07/29 16:31:57 | 000,120,320 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSHDRV65.sys -- (SSHDRV65)
DRV - [2006/06/20 14:00:38 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2006/06/20 14:00:28 | 000,021,312 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2006/06/20 14:00:18 | 000,039,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/12/19 15:02:36 | 000,060,572 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2005/12/19 15:02:36 | 000,028,449 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2005/11/23 14:16:10 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2005/08/18 00:00:00 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt -- (EverestDriver)
DRV - [2005/08/14 09:29:07 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CdaD10BA.SYS -- (CdaD10BA)
DRV - [2005/05/16 07:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005/05/16 07:15:58 | 000,048,640 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2004/10/27 19:24:52 | 002,297,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/08/05 22:20:34 | 000,788,736 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smrt.sys -- (smrt)
DRV - [2004/06/29 08:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/03/17 17:10:40 | 000,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2002/10/13 23:40:32 | 000,017,616 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tj2knd5.sys -- (tj2knd5) Terayon Cable Modem (NDIS)
DRV - [2002/10/13 23:40:24 | 000,069,680 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tj2kunic.sys -- (tj2kunic) Terayon Cable Modem (WDM)
DRV - [2000/12/05 18:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://forecast.weat...x=149&map.y=186
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "Castle Age Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...TDF&PC=BBLN&q="
FF - prefs.js..browser.search.selectedEngine: "Google Desktop"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.96
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.4.14
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {916ab64c-bc3e-471b-8e60-29551922a7ba}:1.300.306
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.5.1344
FF - prefs.js..extensions.enabledItems: [email protected]:0.8.8.3
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.8.20110620112826
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.76
FF - prefs.js..extensions.enabledItems: {5e558974-b2d6-4ee2-be14-cb56ab1a8626}:1.300.306
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {aac4043a-8832-4abe-9963-35377f30b8e6}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {69d1a568-ffdf-4ef5-8919-7003582e0ee8}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {7a2cadc6-0db8-43bb-a6e4-9d8bda6a254f}:1.69.1
FF - prefs.js..extensions.enabledItems: {3DF533F5-FB3C-4c4c-A1D7-99717F8C3038}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.0.12
FF - prefs.js..extensions.enabledItems: [email protected]:1.53
FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c9626}:1.6
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.1
FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.3.1
FF - prefs.js..extensions.enabledItems: {cc6ef5ab-35be-4300-bd07-d12850fc97ff}:4.5.0
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0
FF - prefs.js..extensions.enabledItems: {eb46c787-131a-4eb7-9b93-7f62ca550917}:0.4.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.4
FF - prefs.js..extensions.enabledItems: {66871bd1-5ba2-4739-b485-2a15f5969bd8}:2.20100123
FF - prefs.js..extensions.enabledItems: {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.91
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20101009
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.6.3
FF - prefs.js..extensions.enabledItems: {36C13C8F-54F1-412e-8177-2E411719162D}:4.1.1
FF - prefs.js..extensions.enabledItems: {dd30bf68-268a-4815-ad48-8740b774c764}:5.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.6
FF - prefs.js..extensions.enabledItems: {F587B2D4-7C09-4a23-AC4A-8D6E3CE8C7DA}:3.6
FF - prefs.js..extensions.enabledItems: {6e00410e-1176-11dc-8314-0800200c9a66}:1.6.2
FF - prefs.js..extensions.enabledItems: {285da7e0-729d-11db-9fe1-0800200c9a66}:2.20091201
FF - prefs.js..extensions.enabledItems: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}:1.8.67
FF - prefs.js..extensions.enabledItems: {50931610-3d8e-11dd-ae16-0800200c9a66}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.4
FF - prefs.js..extensions.enabledItems: {5b175400-2368-11de-8c30-0800200c9a66}:1.9
FF - prefs.js..keyword.URL: "http://search.freeca...&type=61413&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@stonetrip.com/ShiVaWebPlayer,version=1.8.1.0: C:\Documents and Settings\Scott Lembke\Application Data\..\LocalLow\StoneTrip\WebPlayer1.8.1\npShiVa3D_1.8.1.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\intel.com/AppUp: C:\Program Files\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\Program Files\iWin Games\firefox\ [2011/04/15 06:09:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2007/10/20 08:28:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2011/09/30 07:04:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins [2011/09/30 07:04:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/28 10:53:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/30 07:04:47 | 000,000,000 | ---D | M]

[2009/11/02 17:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Extensions
[2009/11/02 17:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Extensions\[email protected]
[2011/12/07 10:21:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions
[2010/10/29 07:34:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/03 17:17:55 | 000,000,000 | ---D | M] (Tinseltown) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66}
[2009/07/03 05:59:37 | 000,000,000 | ---D | M] (zblack) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66}
[2010/03/07 13:53:24 | 000,000,000 | ---D | M] (Enchanted Island) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions\{5e558974-b2d6-4ee2-be14-cb56ab1a8626}
[2011/11/28 10:54:00 | 000,000,000 | ---D | M] (Playdom Community Toolbar) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}
[2011/11/28 10:54:22 | 000,000,000 | ---D | M] (Personas Rotator) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions\{6e73f6b7-b9ab-44b8-b744-6393e3c2e351}
[2011/03/15 20:21:15 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2011/12/06 22:12:47 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/12/04 16:16:01 | 000,000,000 | ---D | M] (Castle Age Community Toolbar) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions\{aac4043a-8832-4abe-9963-35377f30b8e6}
[2011/09/20 21:14:20 | 000,000,000 | ---D | M] (PitchDark) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2011/10/07 17:27:39 | 000,000,000 | ---D | M] (Google Redesigned) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}
[2010/05/29 10:27:16 | 000,000,000 | ---D | M] ("Better Gmail 2") -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions\[email protected]
[2011/03/22 16:11:33 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions\[email protected]
[2010/02/27 10:07:56 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions\[email protected]
[2011/08/21 13:45:27 | 000,000,000 | ---D | M] (Portalarium Player) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions\[email protected]
[2009/03/28 15:03:22 | 000,000,000 | ---D | M] (Solid State ION) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions\[email protected]
[2011/06/28 18:50:25 | 000,000,000 | ---D | M] ("SwiffOut") -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions\[email protected]
[2009/12/03 17:18:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66}\chrome\mozapps\extensions
[2009/12/03 17:18:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66}\chrome\mozapps\extensions\CVS
[2010/11/26 10:39:24 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\searchplugins\bing.xml
[2011/01/20 17:48:28 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\searchplugins\search-the-web.xml
[2011/11/28 10:54:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\SCOTT LEMBKE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GQ9TDQBH.DEFAULT\EXTENSIONS\{84625510-7E5D-11E0-A411-0800200C9A66}.XPI
[2008/12/23 09:06:49 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/28 10:53:47 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/08/21 17:17:06 | 000,103,864 | ---- | M] (ASP) -- C:\Program Files\mozilla firefox\plugins\NPHoldemFireLauncher.dll
[2008/08/21 17:17:08 | 000,120,248 | ---- | M] (MGame) -- C:\Program Files\mozilla firefox\plugins\NPMFireLauncher.dll
[2006/05/13 10:18:23 | 000,024,576 | ---- | M] (MyWebSearch.com) -- C:\Program Files\mozilla firefox\plugins\NPMyWebS.dll
[2007/04/16 11:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2003/01/15 18:39:16 | 000,036,864 | ---- | M] (WildTangent) -- C:\Program Files\mozilla firefox\plugins\npWTHost.dll
[2009/07/02 10:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2011/10/31 09:38:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/28 10:53:47 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins\npMozCouponPrinter.dll
CHR - plugin: HoldemFireLauncher (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll
CHR - plugin: MFireLauncher (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPMFireLauncher.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: WildTangent Netscape Webdriver Host (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npWTHost.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: RealArcade Mozilla Plugin (Enabled) = C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Chrome Tips Beta (by Google) = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bdmbgfhokojnnaliemjgbahnfeggocpe\1.0.3_0\
CHR - Extension: Wargods Online = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\biliciflofhindalhonkpjompfdngohk\1.0.0_0\
CHR - Extension: Planeto Quiz = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\caekfgjhgmkgdhbiaikgdbpldepnkchg\1.0.4_0\
CHR - Extension: Progress Quest = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ccddjeibgbelbpofofplmfonkabpbnje\1_0\
CHR - Extension: Monster Dash = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cknghehebaconkajgiobncfleofebcog\2.2_0\
CHR - Extension: The Rise of Atlantis = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dcmgcfmfemlhoncahhnmhinceggddcnp\1.0.2.5_0\
CHR - Extension: AndroidZoon - Android Apps and Games = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dplpkbbkdaeabpegicpmkofbkbeginab\0.0.0.3_0\
CHR - Extension: The Godfather: Five Families = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\edfkoljdeffeedleidebkmmamepgbnbl\1.0_0\
CHR - Extension: Sports Scoreboard = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eoippgliebkkmjhjlgealjghjcknfdae\2.1_0\
CHR - Extension: A Space Shooter for FREE = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\epbeobdmeddlnkokfiaijkfabecpmifa\4_0\
CHR - Extension: Friv Arcade = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\feimnjkaalifjfcclfghbpaojnebfhib\1_0\
CHR - Extension: Full Screen Weather = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.1_0\
CHR - Extension: All Angry Birds = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fpppigpkfkcaemnocokbljcampoaiplc\1.7_0\
CHR - Extension: Pearl Heroes of the Three Kingdoms = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gfejipfdgbkbadlcfcjjdpnhiajndaag\4_0\
CHR - Extension: Planetarium = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp\1.1.1_0\
CHR - Extension: Bubble Shooter = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hpakbhbnhkbghdcejiiangcefallmaln\2.0_0\
CHR - Extension: World of Solitaire = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifbnllnaaaohekjkcpfdllhhjijnidgn\1.0.1_0\
CHR - Extension: Penguin Slice = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldgbfokohncfibafgjmkdckoggfeceoe\1.2.9_0\
CHR - Extension: Contract Killer = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\meklndaflopgghbomkdpofehonfclipi\1.1.1_0\
CHR - Extension: Mahjong Solitaire = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc\1.0.0.0_0\
CHR - Extension: Weather Underground = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej\1.2_0\
CHR - Extension: Gmail = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2011/10/02 06:52:49 | 000,004,081 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 bin.errorprotector.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.winsoftware.com ## added by CiD
O1 - Hosts: 127.0.0.1 de.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 de.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.winsoftware.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.systemdoctor.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.winantispyware.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.windrivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 dynamique.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 errorprotector.com ## added by CiD
O1 - Hosts: 127.0.0.1 errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 es.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 fr.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 fr.winfixer.com ## added by CiD
O1 - Hosts: 46 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZUxdm020YYUS File not found
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony...ct/VaioInfo.CAB (VaioInfo.CMClass)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab40641.cab (StagingUI Object)
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} http://www.albatross...m/cabs/A18X.ocx (A18X Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Mystery%20Stories%20-%20Island%20of%20Hope/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=48835 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://www.pcpitstop...cpConnCheck.cab (iCC Class)
O16 - DPF: {1B30282C-970F-4DCC-97D1-1714277525C1} http://profile.homes....0_HOMESCAN.cab (NMInstall Control)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} https://www-secure.s...rl/LSSupCtl.cab (LSSupCtl Class)
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} http://h20270.www2.h...staller_gmn.cab (VerifyGMN Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://dl.boston.run....com/wficat.cab (Citrix ICA Client)
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} http://gamingzone.ub...s/GSManager.cab (CoGSManager Class)
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125B85} http://www.retro64.c...s/r64loader.cab (CR64Loader Object)
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} http://www.miniclip....pGameLoader.dll (Reg Error: Key error.)
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} http://us.chat1.yimg...v45/yacscom.cab (Yahoo! Audio Conferencing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} http://musicstore.co...ALStreaming.cab (MALPlaybackCtrl Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...DC_2.3.0.97.cab (Reg Error: Key error.)
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} http://install.wildt...iveLauncher.cab (WildTangent Active Launcher)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab32846.cab (ZoneBuddy Class)
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} http://www.shockwave...bGameLoader.cab (WebGameLoader Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {40AC0F29-DF27-4711-B279-48B1F83A66AB} http://kraisoft.com/...ne/aquacade.cab (AtlBoxWordCtlAttrib Class)
O16 - DPF: {47CEF84E-92D8-4C4A-86D7-CB982889DCC0} http://mp1.mplay.obe...nt/flashnet.cab (Oberon Media Network Optimizer)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp...ads/sysinfo.cab (SysData Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by106fd.bay10...es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective....torLauncher.cab (Keynote Connector Launcher 2)
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} http://www.slide.com...ageUploader.cab (Slide Image Uploader Control)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab32846.cab (ZonePAChat Object)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} http://www.shockwave...h2.1.0.0.53.cab (CPlayFirstDinerDash2Control Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1120790234984 (MUWebControl Class)
O16 - DPF: {70647AB5-18FD-4142-82B0-5852478DD0D4} http://xms.keynote.c...torLauncher.cab (Keynote Connector Launcher)
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} https://www.gamespyid.com/alaunch.cab (GSDACtl Class)
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} http://chat.yahoo.com/cab/yacsui.cab (Yahoo! Audio UI1)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://real.gamehous...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} http://www.shockwave...bugs/axhost.cab (WildfireActiveXHost Class)
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} http://38.112.40.106...1/bl_camera.cab (Bl_camera Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8DB0B6FB-914F-41DE-B89E-35D80F378640} http://kraisoft.com/...e/abcisland.cab (AtlBoxWordCtlAttrib Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {93EFDAB8-8800-4896-B428-76F943140E1B} http://consumerinput...ppy/dcainst.cab (Setup Class)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} http://a19.g.akamai....02/cpbrkpie.cab (cpbrkpie Control)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.co...nstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} http://ares.netgame....ch_USAv1002.cab (MGLaunch_USAv1001 Class)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/...he.cab43895.cab (ZPA_TexasHoldem Object)
O16 - DPF: {AB1AB4F8-C30F-4FB4-A030-1C9F5513831F} http://media.grab.co...gameloader6.cab (LREGameLoaderCtrl Class)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://zone.msn.com/...ro.cab34246.cab (ZoneIntro Class)
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} http://209.67.146.68.../ACNePlayer.cab (ACNPlayer2 Class)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game09.zylom....gamesplayer.cab (Zylom Games Player)
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} http://a532.g.akamai...0/Installer.exe (Virtools WebPlayer Class)
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} http://zone.msn.com/...ol.cab36107.cab (CBankshotZoneCtrl Class)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Vegas%20Heist/Images/armhelper.ocx (Reg Error: Key error.)
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} http://gamedownload....GPlugin9USA.cab (HGPlugin9USA Class)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://zone.msn.com/...outLauncher.cab (SproutLauncherCtrl Class)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebo...Uploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://zone.msn.com/...d/UnSkin/gf.cab (TikGames Online Control)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab41227.cab (StadiumProxy Class)
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} http://zone.msn.com/...WebLauncher.cab (SCEWebLauncherCtl Object)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://148.213.21.243/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://real.gamehous...opcaploader.cab (Reg Error: Key error.)
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/z...s/heartbeat.cab (HeartbeatCtl Class)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.co.../MathPlayer.cab (Pearson MathXL Player)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.c...driveragent.cab (Driver Agent ActiveX Control)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.h.../qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} http://www.clickteam...e3/vitalize.cab (Reg Error: Key error.)
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} http://games.pogo.co...ameLauncher.cab (Playtime Games Launcher)
O16 - DPF: {F992FDC0-DAA7-4774-B01C-E9DFF19FE0FE} http://online.invoke...7206/MILive.cab (Invoke Solutions MILive Participant Control(MR))
O16 - DPF: {FEF89F19-213D-4393-B739-AAC6876C147C} http://www.livetest....ivetest_bar.cab (VeriTest LiveTest Bar Activate)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/...on.cab36385.cab (ZPA_Backgammon Object)
O16 - DPF: PCPitstop-Tracks-Checker http://pcpitstop.com...y/PCPTracks.cab (Reg Error: Key error.)
O16 - DPF: RaptisoftGameLoader http://www.raptisoft...tgameloader.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B53F67C-A70F-4B8A-ACB0-E94E98853E2A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (wbsys.dll) -C:\WINDOWS\System32\wbsys.dll (Stardock.Net, Inc)
O20 - AppInit_DLLs: (c:\progra~1\google\google~2\goec62~1.dll) -c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\WINDOWS\system32\logonuiX.exe) -C:\WINDOWS\system32\logonuiX.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WBSrv: DllName - (C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll) - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (ows\s) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/26 16:17:06 | 000,000,646 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ]
O32 - AutoRun File - [2005/07/08 20:03:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.111 -- [ NTFS ]
O32 - AutoRun File - [2004/12/01 13:43:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/07/08 20:03:25 | 000,000,216 | ---- | M] () - C:\AUTOEXEC.BTM -- [ NTFS ]
O33 - MountPoints2\{aaea7c39-4e85-11dd-a329-001111ce058b}\Shell - "" = AutoRun
O33 - MountPoints2\{aaea7c39-4e85-11dd-a329-001111ce058b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aaea7c39-4e85-11dd-a329-001111ce058b}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/07 14:52:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/12/07 07:23:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/12/06 10:35:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NCsoft
[2011/12/06 08:57:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott Lembke\Application Data\NVIDIA
[2011/12/06 08:29:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott Lembke\Application Data\Ventrilo
[2011/12/06 08:27:49 | 001,039,979 | ---- | C] (Jan Kolarik & Ondrej Vaverka) -- C:\WINDOWS\GameHouse Holiday Screensaver.scr
[2011/12/06 08:27:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\GameHouse Holiday Screensaver Uninstaller
[2011/12/06 08:27:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ventrilo
[2011/12/06 08:27:24 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2011/12/06 08:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011/12/06 06:26:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/12/06 06:24:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/12/06 06:16:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/12/06 06:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/11/29 19:44:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\World of Warcraft
[2011/11/29 17:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[2011/11/18 05:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2005/06/06 15:06:15 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

========== Files - Modified Within 30 Days ==========

[2011/12/08 14:26:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/12/08 14:21:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2011/12/08 14:21:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2011/12/08 14:09:03 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2346052729-578072215-3671603298-1005UA.job
[2011/12/08 14:08:48 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/08 14:00:00 | 000,000,294 | -H-- | M] () -- C:\WINDOWS\tasks\B0FD4635918AF0F1.job
[2011/12/08 14:00:00 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\B62FDDF2918846D6.job
[2011/12/08 13:51:20 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2011/12/08 13:41:04 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/08 13:21:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2011/12/08 12:22:10 | 000,079,872 | ---- | M] () -- C:\WINDOWS\System32\1T620675.com_
[2011/12/08 12:22:10 | 000,079,872 | ---- | M] () -- C:\WINDOWS\System32\1T620675.com
[2011/12/08 12:22:10 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2011/12/08 12:22:10 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/12/08 12:22:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\1T620675.com.b
[2011/12/08 12:21:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2011/12/08 11:41:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/08 11:22:25 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/12/08 11:21:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2011/12/08 11:09:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2346052729-578072215-3671603298-1005Core.job
[2011/12/08 10:30:47 | 000,000,406 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F14F3AA3-99C7-4134-B669-5787FD707243}.job
[2011/12/08 10:21:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011/12/08 09:37:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/08 09:37:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011/12/08 09:36:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/08 09:36:52 | 3085,746,176 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/08 09:21:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011/12/08 08:22:54 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1S778D.dat
[2011/12/08 08:22:53 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/12/07 12:25:57 | 000,000,216 | RH-- | M] () -- C:\boot.ini
[2011/12/07 11:19:04 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2011/12/07 06:57:11 | 000,001,715 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Holiday Bonus.lnk
[2011/12/07 06:56:43 | 000,001,877 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Delicious Emilys True Love Premium Edition.lnk
[2011/12/06 10:37:13 | 000,001,775 | ---- | M] () -- C:\Documents and Settings\Scott Lembke\Desktop\Lineage II.lnk
[2011/12/06 10:35:39 | 000,001,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NCsoft Launcher.lnk
[2011/12/06 08:27:29 | 000,000,262 | ---- | M] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/12/06 08:27:27 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[2011/12/06 06:26:09 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/06 06:22:21 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/02 13:41:02 | 001,173,022 | ---- | M] () -- C:\Documents and Settings\Scott Lembke\My Documents\google-reader-shortcuts-new.pdf
[2011/12/01 15:32:34 | 001,039,979 | ---- | M] (Jan Kolarik & Ondrej Vaverka) -- C:\WINDOWS\GameHouse Holiday Screensaver.scr
[2011/11/30 23:19:04 | 000,000,024 | ---- | M] () -- C:\WINDOWS\LogonStudio.ini
[2011/11/30 23:18:58 | 000,163,712 | ---- | M] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2011/11/24 11:12:12 | 000,306,184 | ---- | M] () -- C:\Documents and Settings\Scott Lembke\My Documents\HPIM0359.JPG
[2011/11/21 19:34:48 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/11/21 13:46:25 | 000,285,176 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/11/21 13:46:25 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/11/21 13:24:39 | 000,242,268 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/11/18 23:10:01 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\Scott Lembke\Desktop\Google Chrome.lnk
[2011/11/18 23:10:01 | 000,002,315 | ---- | M] () -- C:\Documents and Settings\Scott Lembke\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/18 05:43:30 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/16 18:02:47 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/16 17:17:52 | 001,605,009 | ---- | M] () -- C:\Documents and Settings\Scott Lembke\My Documents\gmail-guide.pdf
[2011/11/16 17:16:56 | 002,317,148 | ---- | M] () -- C:\Documents and Settings\Scott Lembke\My Documents\MakeUseOf.com_-_Speak_Internet_xHTML.pdf
[2011/11/16 17:13:11 | 003,022,940 | ---- | M] () -- C:\Documents and Settings\Scott Lembke\My Documents\MakeUseOf.com_-_Ubuntu_Old_Computer_New_Life.pdf
[2011/11/16 17:12:23 | 002,118,695 | ---- | M] () -- C:\Documents and Settings\Scott Lembke\My Documents\MakeUseOf.com_-_Android_Guide.pdf
[2011/11/15 19:07:13 | 000,444,494 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/15 19:07:13 | 000,072,370 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/13 16:07:10 | 000,001,062 | ---- | M] () -- C:\Documents and Settings\Scott Lembke\Desktop\Get More Games at PlayFirst.com.lnk
[2011/11/13 16:07:10 | 000,000,906 | ---- | M] () -- C:\Documents and Settings\Scott Lembke\Desktop\Diner Dash - Flo on the Go.lnk

========== Files Created - No Company Name ==========

[2011/12/08 13:21:00 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\1T620675.com
[2011/12/08 12:49:19 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\1T620675.com_
[2011/12/08 12:22:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\1T620675.com.b
[2011/12/08 08:22:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1S778D.dat
[2011/12/08 08:22:53 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2011/12/07 06:57:11 | 000,001,715 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Holiday Bonus.lnk
[2011/12/07 06:56:43 | 000,001,877 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Delicious Emilys True Love Premium Edition.lnk
[2011/12/06 10:37:13 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\Scott Lembke\Desktop\Lineage II.lnk
[2011/12/06 10:35:39 | 000,001,669 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NCsoft Launcher.lnk
[2011/12/06 08:27:27 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[2011/12/06 08:26:59 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/12/06 06:26:09 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/02 13:41:02 | 001,173,022 | ---- | C] () -- C:\Documents and Settings\Scott Lembke\My Documents\google-reader-shortcuts-new.pdf
[2011/11/29 17:09:49 | 000,000,751 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2011/11/22 05:57:13 | 3085,746,176 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/21 19:34:48 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/11/18 05:43:30 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/16 17:17:52 | 001,605,009 | ---- | C] () -- C:\Documents and Settings\Scott Lembke\My Documents\gmail-guide.pdf
[2011/11/16 17:16:56 | 002,317,148 | ---- | C] () -- C:\Documents and Settings\Scott Lembke\My Documents\MakeUseOf.com_-_Speak_Internet_xHTML.pdf
[2011/11/16 17:13:11 | 003,022,940 | ---- | C] () -- C:\Documents and Settings\Scott Lembke\My Documents\MakeUseOf.com_-_Ubuntu_Old_Computer_New_Life.pdf
[2011/11/16 17:12:23 | 002,118,695 | ---- | C] () -- C:\Documents and Settings\Scott Lembke\My Documents\MakeUseOf.com_-_Android_Guide.pdf
[2011/11/13 16:07:10 | 000,000,906 | ---- | C] () -- C:\Documents and Settings\Scott Lembke\Desktop\Diner Dash - Flo on the Go.lnk
[2011/10/24 09:53:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2011/10/05 14:58:35 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/09/10 21:21:03 | 000,000,969 | ---- | C] () -- C:\WINDOWS\System32\msexcr.ini
[2011/06/13 18:47:36 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/12/19 16:50:08 | 000,242,268 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/12/19 16:49:49 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/12/19 16:49:49 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/11/19 23:50:48 | 000,143,768 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/10 19:57:09 | 000,000,058 | -H-- | C] () -- C:\WINDOWS\popcreg.dat
[2010/10/10 19:57:09 | 000,000,020 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/09/21 17:27:42 | 000,030,424 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2010/07/10 05:38:00 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/05/29 18:15:07 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/02 20:47:47 | 000,000,096 | -H-- | C] () -- C:\WINDOWS\System32\HsInfo.dat
[2008/12/23 08:04:06 | 000,008,325 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\profiles.xml
[2008/08/21 14:39:04 | 000,066,482 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/07/26 07:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/07/19 14:47:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe
[2008/04/13 16:36:13 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2008/03/01 07:56:54 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2007/11/23 09:52:01 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2007/10/10 13:03:41 | 000,000,148 | ---- | C] () -- C:\WINDOWS\clientshell.INI
[2007/09/30 10:43:15 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\LIBMYSQL.DLL
[2007/05/26 10:32:28 | 000,026,288 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2006/12/25 11:12:23 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LAME_MP3.dll
[2006/12/25 11:12:11 | 000,065,024 | ---- | C] () -- C:\WINDOWS\IFinst26.exe
[2006/12/19 16:07:12 | 000,007,522 | ---- | C] () -- C:\WINDOWS\langorig.ini
[2006/12/07 17:43:39 | 000,000,689 | ---- | C] () -- C:\WINDOWS\GMUD32.INI
[2006/11/08 07:57:10 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/11/08 07:57:10 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/10/23 13:42:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006/09/28 00:13:38 | 000,015,921 | ---- | C] () -- C:\Documents and Settings\Scott Lembke\Application Data\.googlewebacchosts
[2006/09/07 04:29:29 | 000,000,078 | ---- | C] () -- C:\WINDOWS\savers.ini
[2006/08/11 11:15:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\ToonClock.ini
[2006/07/29 16:31:57 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV65.sys
[2006/07/07 21:17:14 | 000,290,816 | -H-- | C] () -- C:\WINDOWS\System32\MSVRCT1.DLL
[2006/07/02 09:02:15 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\.mpid
[2006/06/18 11:49:53 | 000,000,050 | ---- | C] () -- C:\WINDOWS\IrisAPE.ini
[2006/06/16 17:16:17 | 000,243,788 | -H-- | C] () -- C:\WINDOWS\System32\MSVRCTDR.dll
[2006/06/16 17:16:17 | 000,098,304 | -H-- | C] () -- C:\WINDOWS\System32\MSVRCTD.DLL
[2006/06/13 17:16:19 | 000,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2006/06/13 17:15:59 | 000,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
[2006/06/13 17:11:54 | 000,163,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2006/06/12 13:47:55 | 000,000,316 | ---- | C] () -- C:\WINDOWS\bbbconfig.dat
[2006/06/11 14:47:33 | 000,000,155 | ---- | C] () -- C:\WINDOWS\wb.ini
[2006/06/10 07:32:16 | 000,345,088 | ---- | C] () -- C:\WINDOWS\System32\ShrLk21.dll
[2006/05/26 16:47:26 | 000,000,004 | ---- | C] () -- C:\WINDOWS\ntvdn.dll
[2006/04/16 20:43:22 | 000,080,384 | ---- | C] () -- C:\WINDOWS\gamedelete.exe
[2006/04/02 00:20:12 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2006/03/24 23:33:55 | 000,000,069 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/03/08 19:01:42 | 000,000,069 | ---- | C] () -- C:\WINDOWS\livetest_bar.ini
[2006/03/04 18:38:55 | 000,219,046 | ---- | C] () -- C:\WINDOWS\uninstall windowswasherss.exe
[2006/03/04 18:37:47 | 000,219,046 | ---- | C] () -- C:\WINDOWS\uninstall XP Icon Wars by Lady Di.exe
[2006/03/04 18:35:43 | 000,219,046 | ---- | C] () -- C:\WINDOWS\uninstall Smooth Sailing By Lady Di.exe
[2006/03/04 18:33:50 | 000,166,806 | ---- | C] () -- C:\WINDOWS\uninstall What Dreams May Come.exe
[2006/03/04 15:40:43 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/02/20 11:39:56 | 000,001,448 | ---- | C] () -- C:\WINDOWS\npdor.ini
[2006/01/10 18:42:39 | 000,000,674 | ---- | C] () -- C:\WINDOWS\CheckIt.INI
[2005/12/30 18:16:38 | 000,000,059 | ---- | C] () -- C:\WINDOWS\LTRDF14N.INI
[2005/12/30 18:03:53 | 000,000,042 | ---- | C] () -- C:\WINDOWS\PCSPATS.DAT
[2005/12/27 15:35:15 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/12/27 15:35:06 | 000,005,107 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/12/24 21:28:51 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/10/20 10:35:46 | 000,003,717 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/10/19 19:41:46 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/10/19 19:41:46 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/08/29 14:49:08 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/08/27 19:02:52 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2005/08/06 21:36:15 | 000,000,018 | ---- | C] () -- C:\WINDOWS\gfact.ini
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 18:24:53 | 000,000,652 | ---- | C] () -- C:\WINDOWS\wwwconfig.dat
[2005/07/28 20:33:20 | 000,000,057 | ---- | C] () -- C:\WINDOWS\GUIDIN~1.ini
[2005/07/28 20:32:20 | 000,000,057 | ---- | C] () -- C:\WINDOWS\RETURN~1.ini
[2005/07/24 14:11:40 | 000,000,160 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2005/07/08 19:43:27 | 000,000,110 | ---- | C] () -- C:\WINDOWS\hodjpodj.ini
[2005/07/04 15:52:33 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2005/07/04 15:52:33 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2005/07/04 15:52:33 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2005/07/04 14:13:42 | 000,000,026 | ---- | C] () -- C:\WINDOWS\WAR2R.INI
[2005/07/01 19:28:26 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/07/01 17:28:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/06/09 13:15:21 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Scott Lembke\Application Data\wklnhst.dat
[2005/06/03 21:40:15 | 000,000,158 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/06/03 20:30:20 | 000,000,386 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/05/26 18:39:36 | 000,100,724 | ---- | C] () -- C:\WINDOWS\cpeins04.dat
[2005/05/25 18:34:17 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\Gksui16.exe
[2005/05/24 16:46:23 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2005/05/21 20:51:22 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2005/05/21 19:06:37 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\fusioncache.dat
[2005/05/21 18:53:32 | 000,104,253 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2005/05/21 18:53:32 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2005/02/22 18:40:51 | 000,002,150 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/02/22 18:35:12 | 000,000,225 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/02/22 18:34:07 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/02/22 18:34:07 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/02/22 18:34:07 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/02/22 18:34:07 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/02/22 18:34:07 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/02/22 18:34:07 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/02/22 18:33:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/22 18:28:50 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2004/12/20 11:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 11:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/12/01 16:35:28 | 000,606,208 | ---- | C] () -- C:\WINDOWS\System32\lpykrp.exe
[2004/12/01 15:43:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/01 15:16:58 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/12/01 15:16:58 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2004/12/01 15:16:58 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtkHDAud.dat
[2004/12/01 14:59:21 | 000,111,552 | ---- | C] () -- C:\WINDOWS\setup.exe
[2004/12/01 14:49:14 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\elcric.dat
[2004/12/01 13:51:57 | 000,000,811 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/12/01 13:45:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/12/01 13:40:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/12/01 12:29:23 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/12/01 12:28:46 | 000,000,790 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/12/01 12:28:15 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/12/01 12:28:13 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/12/01 12:28:13 | 000,444,494 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/12/01 12:28:13 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/12/01 12:28:13 | 000,072,370 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/12/01 12:28:13 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/12/01 12:28:13 | 000,004,530 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/12/01 12:28:12 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/12/01 12:28:09 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/12/01 12:28:09 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/12/01 12:28:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/12/01 12:28:01 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/12/01 05:35:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/12/01 05:34:29 | 000,234,368 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/04/04 11:59:08 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ACNePlayer.dll
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/12 15:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2002/04/02 19:08:34 | 000,311,108 | ---- | C] () -- C:\WINDOWS\ml-cleanup.exe
[2002/03/14 11:00:26 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[1998/08/16 04:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== LOP Check ==========

[2007/03/02 14:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\55-66-66-pr-50-3o
[2010/09/18 08:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi
[2009/02/11 09:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2011/06/10 13:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarSouthpoint
[2011/04/01 20:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aliasworlds
[2009/03/23 09:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ashtons Family Resort
[2008/03/27 08:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astar Games
[2011/06/14 08:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avalon-Legends-Solitaire
[2011/05/05 18:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
[2007/11/27 11:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Christmasville
[2009/02/11 09:10:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DivoGames
[2010/11/22 20:29:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Drivers.com
[2006/04/18 15:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA
[2009/01/06 17:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eGames
[2007/08/22 09:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
[2010/12/16 15:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2010/04/08 14:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_America
[2011/05/15 18:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Russia
[2008/04/02 12:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fashion Solitaire 1.2
[2009/09/09 18:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fillup
[2008/06/25 08:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fitn17
[2010/02/27 09:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2007/05/16 13:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FloodLightGames
[2008/07/31 05:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2011/08/05 06:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2006/05/20 22:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameBlend
[2010/03/10 07:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2011/09/23 15:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GamesCampus
[2009/09/12 19:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\game_fillup_v2_usa
[2008/02/05 06:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
[2008/06/24 11:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2011/12/07 10:31:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grey Alien Games
[2011/09/18 12:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2011/08/04 09:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitPoint Studios
[2010/12/20 10:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hot Lava Games
[2010/11/27 11:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ijjigame
[2011/08/04 12:40:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2010/12/20 10:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Islands
[2008/12/09 18:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
[2011/04/15 06:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2010/10/10 08:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2008/02/07 14:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kayo Games
[2011/02/24 06:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kristanix Games
[2007/08/30 13:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Legacy Interactive
[2008/06/25 07:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2009/07/19 17:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Marginal Team
[2009/06/16 17:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mean Hamster
[2009/10/22 17:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2010/04/09 19:13:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2008/02/20 13:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MonteCristo
[2005/08/06 08:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2011/04/02 21:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2011/02/01 18:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MysteryChronicles
[2007/04/11 08:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2008/09/02 14:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2011/08/22 08:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NevoSoft Games
[2011/09/10 21:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2009/09/29 13:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2008/09/16 16:45:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
[2011/07/30 10:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Outspark
[2011/12/08 09:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/12/06 06:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat
[2005/07/02 21:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2011/08/01 08:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Play
[2011/08/24 13:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2011/07/25 08:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2006/11/01 17:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayTime
[2011/09/23 08:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/04/11 07:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
[2005/05/22 20:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/10/10 19:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/11/18 21:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\rionix
[2007/10/20 08:28:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2011/08/24 13:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/04/07 11:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Shockwave
[2005/11/19 21:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SkillJam
[2009/05/18 16:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Slapdash Games
[2005/07/24 14:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Softdisk LLC
[2008/04/04 16:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2007/12/29 10:23:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTopV1004
[2009/01/30 10:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SugarGames
[2011/08/04 09:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperRanch
[2011/12/07 10:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/07/30 09:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Revills Games
[2011/01/16 11:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2008/01/11 10:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2008/08/22 18:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/05/01 05:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/12/16 09:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wrinkle-free Games
[2007/08/30 12:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2011/12/06 06:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/01/12 17:56:57 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Scott Lembke\Application Data\.#
[2007/09/16 19:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\.gaim
[2005/06/04 14:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\absolutist.com
[2010/09/18 08:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\AGI
[2006/12/04 16:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\aignes
[2011/06/10 13:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\AlawarSouthpoint
[2011/04/01 20:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\aliasworlds
[2011/07/25 11:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Anarchy
[2008/10/21 06:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\BFG_JanesRealty
[2010/12/30 08:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Big Fish Games
[2009/03/05 18:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\BitCometLite
[2011/07/30 11:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\BitTorrent
[2009/09/05 09:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\BitZipper
[2011/05/05 19:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\blg
[2011/07/25 08:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Daedalic Entertainment
[2011/09/24 08:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Dekovir
[2011/05/07 10:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\DivoGames
[2006/04/18 20:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\EA
[2005/09/02 17:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\eGames
[2011/07/30 10:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\eMusic
[2008/01/01 12:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Eyeblaster
[2009/06/13 13:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Faerie Solitaire
[2010/03/01 06:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Flood Light Games
[2010/08/12 15:31:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\FOG Downloader
[2007/10/06 14:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\ForgottenRiddles
[2011/12/07 12:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Free Download Manager
[2011/02/01 16:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Friday's games
[2011/05/24 06:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\funkitron
[2006/05/20 22:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\GameBlend
[2009/01/08 17:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\GameInvest
[2008/12/13 13:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Gamelab
[2010/05/30 17:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\GamesCafe
[2009/01/17 09:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\GarageGames
[2010/08/03 18:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\GetRightToGo
[2010/11/27 08:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\GTM_Bodie
[2011/09/19 13:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Hephaestus
[2011/03/23 05:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Hotdog Hotshot
[2010/02/01 11:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\ijjigame
[2011/01/30 09:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\InImages
[2005/05/21 18:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\InterMute
[2006/12/19 15:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\iScreensaver
[2009/05/16 20:49:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\ITTerritory
[2008/03/16 20:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\iWin
[2011/08/07 18:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Janes Realty2
[2005/06/21 16:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Keynote Systems
[2011/11/05 20:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Kutawaves Game
[2005/11/15 22:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Leadertech
[2010/04/06 21:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\LimeWire
[2005/07/30 15:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\LRE Web Games
[2008/03/29 00:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Ludia
[2009/10/22 17:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Merscom
[2006/01/24 21:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Mind Control Software
[2011/07/23 15:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Mystery of Mortlake Mansion
[2009/09/29 13:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\NeopleLauncherDFO
[2006/08/14 08:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\NHN Corporation
[2008/07/12 14:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\OverDrive
[2010/07/11 11:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Peace Craft
[2011/04/25 07:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\PeaceCraft2
[2011/08/31 08:11:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\PeaceCraft3
[2011/05/29 14:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Ph03nixNewMedia
[2011/11/13 16:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\PlayFirst
[2011/07/21 20:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\playmink
[2011/03/12 13:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Playrix Entertainment
[2008/07/02 20:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\PSGame
[2005/10/07 19:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Raptisoft
[2009/04/17 18:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\RdrSoftHope
[2005/11/25 23:13:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Retro64 Computer Games
[2011/10/24 18:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\RIFT
[2010/04/24 15:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\runic games
[2011/08/27 10:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Sony Online Entertainment
[2009/01/17 12:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Spellborn Downloader
[2011/10/06 12:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\spiral
[2011/12/05 15:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Spotify
[2011/11/03 16:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\StoneTrip
[2011/09/08 19:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\SystemRequirementsLab
[2006/03/04 17:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Template
[2010/01/19 20:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Trillian
[2010/11/19 19:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\TS3Client
[2009/09/30 01:04:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Turbine
[2011/07/07 16:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Unity
[2005/11/19 01:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\uqm
[2008/07/05 10:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\VTExtra
[2011/10/05 15:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Webshots
[2010/09/18 08:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\WebshotsDailyFeatures.D47BD63EE77CC0AC7AE23BFA386A3F1EDA7C080D.1
[2005/08/27 20:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Wildfire
[2008/03/22 22:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\WildTangent
[2008/10/31 22:51:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\X-Chat 2
[2010/05/14 22:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\yoclient
[2009/07/17 14:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\YoudaGames
[2011/12/08 08:22:53 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2011/12/08 09:37:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/12/08 09:21:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2011/12/08 12:22:10 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2011/12/08 10:21:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2011/12/08 11:22:25 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2011/12/08 11:21:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2011/12/08 12:22:10 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2011/12/08 12:21:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2011/12/08 13:21:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2011/12/08 13:51:20 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2011/12/08 14:21:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011/12/08 14:21:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2011/12/08 08:22:53 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2011/12/08 08:22:53 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2011/12/08 14:00:00 | 000,000,294 | -H-- | M] () -- C:\WINDOWS\Tasks\B0FD4635918AF0F1.job
[2011/12/08 14:00:00 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\Tasks\B62FDDF2918846D6.job
[2011/12/08 10:30:47 | 000,000,406 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F14F3AA3-99C7-4134-B669-5787FD707243}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB6CB455
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0EB1DE
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C002812B
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B6C77675
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C466FD6
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B5CDE9B
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:47417312
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43A7A7AD
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E4FCDFD9
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8134D8F
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BCC7E008
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AA99C0C
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69FD6BF0
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1409277B
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7326AC15
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C891DDE
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:114BD271
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5E90ED3
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F0AF5CA3
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED810E46
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D94162E1
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AB338B9
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:969C0C96
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:626A067D
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:483AC68A
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E1FF0FC
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:241FA548
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E66D1425
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B904C348
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7C74916
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93226FE3
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E7CEB66
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60839224
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B3E9221
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4620FBCD
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B812EE0
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D994162E
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD2AB6E9
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8658F1F5
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:64648EF8
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:39C7B7C6
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3313A48D
@Alternate Data Stream - 403 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8396B0AE
@Alternate Data Stream - 398 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7434FA5A
@Alternate Data Stream - 375 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A8B9BF3
@Alternate Data Stream - 357 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3550AA2
@Alternate Data Stream - 340 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A085469
@Alternate Data Stream - 333 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6283A8D3
@Alternate Data Stream - 331 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF258AD5
@Alternate Data Stream - 329 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A0A9201B
@Alternate Data Stream - 328 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:92660C3E
@Alternate Data Stream - 326 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5B3D15A
@Alternate Data Stream - 315 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF1A3FF2
@Alternate Data Stream - 301 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:127BB39D
@Alternate Data Stream - 301 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07557E0B
@Alternate Data Stream - 295 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6A700A7A
@Alternate Data Stream - 280 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DDBA1B03
@Alternate Data Stream - 276 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E21413B8
@Alternate Data Stream - 255 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E0ECCFB
@Alternate Data Stream - 254 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5506D17E
@Alternate Data Stream - 251 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:92D86FE5
@Alternate Data Stream - 248 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:72830084
@Alternate Data Stream - 245 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B8B59DB
@Alternate Data Stream - 244 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51F1C6B8
@Alternate Data Stream - 240 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F4549211
@Alternate Data Stream - 238 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7CC16245
@Alternate Data Stream - 237 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:74A03D29
@Alternate Data Stream - 236 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:36CB2BB0
@Alternate Data Stream - 234 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC1B2CAA
@Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15D9664E
@Alternate Data Stream - 226 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:716BF8D6
@Alternate Data Stream - 226 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6A37FCC3
@Alternate Data Stream - 225 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D3521E6
@Alternate Data Stream - 224 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:39613F68
@Alternate Data Stream - 223 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F71B881A
@Alternate Data Stream - 219 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DB8E83D7
@Alternate Data Stream - 219 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9987109
@Alternate Data Stream - 218 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A13B1B25
@Alternate Data Stream - 218 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7AF9CAEB
@Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9857FAE3
@Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99B66030
@Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A93A1878
@Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:756A3FF0
@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9E46E4C
@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0EDE4A51
@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD629819
@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A688EF17
@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A26AFC00
@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:50E7393E
@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B2C4A0E
@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D52F295
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F164CEA1
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3DB62269
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E426A1F
@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F943019
@Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60A4BB64
@Alternate Data Stream - 198 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9A577758
@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F67AAFC5
@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C81971AB
@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94E8CC47
@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:771316F5
@Alternate Data Stream - 195 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FCD3A761
@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:839ADBB2
@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63D2848F
@Alternate Data Stream - 193 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A95624CB
@Alternate Data Stream - 193 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43982D5E
@Alternate Data Stream - 192 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE6EED8B
@Alternate Data Stream - 192 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B64798F2
@Alternate Data Stream - 191 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E81E58FA
@Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CFAE7666
@Alternate Data Stream - 184 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:389C1BAE
@Alternate Data Stream - 183 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70FD4407
@Alternate Data Stream - 183 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:436D3370
@Alternate Data Stream - 182 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6A94ABF
@Alternate Data Stream - 182 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BAC56E61
@Alternate Data Stream - 182 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9F47F32C
@Alternate Data Stream - 181 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E56E607B
@Alternate Data Stream - 180 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5795E8B2
@Alternate Data Stream - 179 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD7E32B5
@Alternate Data Stream - 179 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4684DC31
@Alternate Data Stream - 178 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A43CC602
@Alternate Data Stream - 178 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81F54BD5
@Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:138A0A84
@Alternate Data Stream - 176 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:561B1D2B
@Alternate Data Stream - 176 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B2128F2
@Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EB551C8
@Alternate Data Stream - 174 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BEB74DB
@Alternate Data Stream - 174 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2AEB42F1
@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A02025CE
@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:744022A1
@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F348ED8
@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:150A6846
@Alternate Data Stream - 172 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5F11720
@Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80B7FA53
@Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DEBFF9C6
@Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D33169E5
@Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C04CAC43
@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B809B70C
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8A5AE0DA
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F740FCB
@Alternate Data Stream - 162 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5FF36D4
@Alternate Data Stream - 162 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95C6C67C
@Alternate Data Stream - 162 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C462DAE
@Alternate Data Stream - 162 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F075520
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F0E52E4F
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4290D685
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:887EAE14
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B47E6D0F
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:49508BCE
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E46A89F4
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DB2BB17F
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CDEBFBDD
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8B919608
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:053FEC11
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B8F8512D
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:330B710D
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8A148405
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:837546C7
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C340A64
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F6DD01C6
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FFBCBDB7
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADFAD95A
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18E75326
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C76BA037
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3B51977
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8F9D810
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9BCFB47A
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:03D08225
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A966CC2
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7730732
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AE2EA3C2
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AE04588B
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:943E8182
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F636E25
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:31F2397C
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA18D4E3
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93F3E4C9
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56A74E89
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:554C6431
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5500604D
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26939499
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:067F588D
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA701346
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C86B29EB
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:36EEEDAC
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9000539
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3A6CA11
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A42A9F39
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:537E6E55
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FF8F1AE3
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A988B257
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B403ABD
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77721732
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C0FB4B7
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4709F39D
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3815BC84
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E70CF2C0
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C5363CEB
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3B5FCD5
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A696643D
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CCDAB14
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:861A898F
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7CD67850
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C5EC3CD
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69E3AF64
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:417B6FAC
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9D83120
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8B5993B
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90617464
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77F75B20
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B3A4EC2
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1037D53D
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E3C56885
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF0BC727
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7B98566
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDCD8531
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B6B1DEBB
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB6BFFCD
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AF9C79E
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48429D0E
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:351730E8
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18C0D660
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05816AFA
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE7605F1
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:953FDC1A
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8999FD56
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85311D92
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8247A199
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E499B52
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FA346B6
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BF0E332
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4363DE71
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F321F01E
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CEE4A457
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE7A0841
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6346EE9
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7AA328E7
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6A8B3070
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C49306C
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1C0B203
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC7C9796
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B0BD7797
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6AA4326A
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:517B507A
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18897B1D
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08D8BB20
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8DB81DC
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C6CD88E9
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B6FD7157
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A96D3F23
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9FE30AB2
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95B7F1EC
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7776B809
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43E95997
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F00C05D
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F498C545
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E412AAF2
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE07EBE7
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B0EB578B
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AEC895D8
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9339169
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3251D01
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88E71AC6
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C412B92
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:72542FE8
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E6B8D68
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3790BACD
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:22741C1F
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B565D04
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB373897
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7A93447
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C72DC93
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7624E8B8
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:621BEE66
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:248418FF
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12B6A5EC
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0925D78A
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F76D01BB
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE64143E
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A561576B
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52D76DB8
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:304D2C3C
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC60E0F8
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4AC9B4B7
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43301D1D
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A6D6CB4
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E71141D2
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ACECBBFF
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98DFF516
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:896E1EFF
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E0B7D8A
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD2D5587
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:64265738
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55F44B88
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:450ABF8D
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:23C5DA6D
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12AD56AF
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD537E5A
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E855BDCF
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E163B404
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B093E177
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7601C61
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:870EB3F5
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:814B9485
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E63FBFA
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0551F1FA
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:03777453
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F42B5B0E
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBA7E1
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:708BB0FA
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67BA17B9
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55E3C0E0
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C4C57F9
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:086DE893
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0A2E219
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA77FCFA
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA37E770
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A56D6987
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8886182C
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80B291A7
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55EFEB27
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5433DBEF
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D066AD2
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43283EB6
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:178D4338
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F6F70D64
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D7DA89B1
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D02FBAEC
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3BAC02F
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AADC76BA
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8A628F34
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7AA6FC81
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61A3E318
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:501D8146
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13B137AF
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0860D6D6
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:00811B66
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89C6F032
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81653DC8
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CDB9CA3
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2AFE7797
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:279FF250
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F680D2D
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C67CB31A
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C25C9263
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B6534FCF
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7DA2BCD
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9BB9DCC9
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9547F1DB
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:663B62CA
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2836460B
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:19254801
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC8ECED1
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C37BA2F
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:482CC303
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D19638E
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D61FFEE
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20767002
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D157DD98
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94D41096
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88D32024
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88698068
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:538B96B5
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:409A775B
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F05E220
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02B823FE
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B6285236
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B0A3DB99
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A93CCA6B
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98AE08EA
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:957E9765
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51CF9716
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:354E094D
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F0762150
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CFBB419A
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0FB28B9
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9615F95C
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:883EDFB5
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:79DB7B30
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:11DA80B5

< End of report >
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What antivirus are you using ?

I will clear the main miscreant first and then use OTL to tidy up on completion

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks, and also allow it to install the recovery console

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#3
JScottL

JScottL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
PC Matic is what I am using for Virus, spyware, malware protection.

When the program ran it said to me that it could not find a Microsoft Recovery Console and it would have to download one to continue. So it did that and now after that I get a box that says that the Microsoft Recovery Console was installed and is asking if I want to check for malware Should I do that? And then it asks that on each reset of the machine, a black screen will offer me the option to boot into recovery console mode. And then it says "For normal use, just ignore the black screen. Windows shall boot normally in 2 seconds." Should I click Yes to continue scanning for malware?
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes continue scanning for malware as we need to remove the main infector
  • 0

#5
JScottL

JScottL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
OK I did that, and a message came up and told me "ComboFix has detected the presence of rootkit activity and need to reboot the machine." The next message that came up told me not reboot the computer, that it would do it. And then it started to reboot but it never did reboot. It is now on the main screen without the icons and doing nothing. What should I do now? By the way I am using my other computer to send you this message. I hope I have not done anything wrong.
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
First off try a reboot - if that fails then

Restart the computer and immediately continually press and release F8
The safe mode menu will appear
Select Last Known Good and reboot

Once done could you then run a fresh OTL log with the following script

  • Run OTL.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#7
JScottL

JScottL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
First I need to tell you THANK YOU very much for helping me out!! This a GREAT service that you have and I am very impressed.
OK when I rebooted the computer it started the ComboFix program and I will give what it said now and then please tell me where we should go from there. I just want to make sure I am doing everything correctly. Thanks again!!!

ComboFix 11-12-08.01 - Scott Lembke 12/09/2011 14:05:37.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2943.2458 [GMT -6:00]
Running from: c:\documents and settings\Scott Lembke\My Documents\My Games\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\ati\SUPPORT\5-5_xp-2k_dd_cp_wdm\CPanel\SeTUp.exe
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\354E094D.TMP
c:\documents and settings\All Users\Application Data\TEMP\47417312.TMP
c:\documents and settings\All Users\Application Data\TEMP\AEC895D8.TMP
c:\documents and settings\All Users\Start Menu\online security guide.url
c:\documents and settings\All Users\Start Menu\Security Troubleshooting.url
c:\documents and settings\Scott Lembke\Application Data\.#
c:\documents and settings\Scott Lembke\WINDOWS
C:\install.exe
c:\program files\SelectRebates
c:\program files\SelectRebates\FFToolbar\chrome.manifest
c:\program files\SelectRebates\FFToolbar\chrome\sahtoolbar.jar
c:\program files\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js
c:\program files\SelectRebates\FFToolbar\install.rdf
c:\program files\SelectRebates\SahImages\bg-gradient.gif
c:\program files\SelectRebates\SahImages\button-close.gif
c:\program files\SelectRebates\SahImages\sah-logopop.gif
c:\program files\SelectRebates\SahImages\SAHS_popuplogo2.gif
c:\program files\SelectRebates\SelectAlerts.dat
c:\program files\SelectRebates\SelectRebates.ini
c:\program files\SelectRebates\SelectRebatesA.dat
c:\program files\SelectRebates\SelectRebatesB.dat
c:\program files\SelectRebates\SelectRebatesBT.dat
c:\program files\SelectRebates\SelectRebatesH.dat
c:\program files\SelectRebates\Toolbar\basis.xml
c:\program files\SelectRebates\Toolbar\basis.xml.bak
c:\program files\SelectRebates\Toolbar\Basis.xml.dym
c:\program files\SelectRebates\Toolbar\Blank.bmp
c:\program files\SelectRebates\Toolbar\CashBack.bmp
c:\program files\SelectRebates\Toolbar\Coupons.bmp
c:\program files\SelectRebates\Toolbar\GroceryCoupon.bmp
c:\program files\SelectRebates\Toolbar\i_magnifying.bmp
c:\program files\SelectRebates\Toolbar\icons.bmp
c:\program files\SelectRebates\Toolbar\ImageCache\alert-red.bmp
c:\program files\SelectRebates\Toolbar\logo.bmp
c:\program files\SelectRebates\Toolbar\logo_24.bmp
c:\program files\SelectRebates\Toolbar\logo_HotSpots.bmp
c:\program files\SelectRebates\Toolbar\ReviewSite.bmp
c:\program files\SelectRebates\Toolbar\RightControls.dym
c:\program files\SelectRebates\Toolbar\Scissors.bmp
c:\windows\$NtUninstallKB34544$
c:\windows\$NtUninstallKB34544$\1582094524\@
c:\windows\$NtUninstallKB34544$\1582094524\bckfg.tmp
c:\windows\$NtUninstallKB34544$\1582094524\cfg.ini
c:\windows\$NtUninstallKB34544$\1582094524\Desktop.ini
c:\windows\$NtUninstallKB34544$\1582094524\keywords
c:\windows\$NtUninstallKB34544$\1582094524\kwrd.dll
c:\windows\$NtUninstallKB34544$\1582094524\L\emmnmoug
c:\windows\$NtUninstallKB34544$\1582094524\lsflt7.ver
c:\windows\$NtUninstallKB34544$\1582094524\U\[email protected]
c:\windows\$NtUninstallKB34544$\1582094524\U\[email protected]
c:\windows\$NtUninstallKB34544$\1582094524\U\[email protected]
c:\windows\$NtUninstallKB34544$\1582094524\U\[email protected]
c:\windows\$NtUninstallKB34544$\1582094524\U\[email protected]
c:\windows\$NtUninstallKB34544$\1582094524\U\[email protected]
c:\windows\$NtUninstallKB34544$\687686562
c:\windows\bwUnin-8.1.1.50-8876480SL.exe
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\dirty_dishes.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\foodtray.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\heart1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\heart2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\heart3.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\menu_down.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\menu_up.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\mop_prop.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\ticket.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a1.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a2.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a3.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a4.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\mainmenumusic.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\baby_cry.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\chef_cook1.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\closing_time.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\customer_ditch.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\dialog_down.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\dialog_up.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\drink_table.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\expert.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\highchair_deliver.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\highchair_pickup.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\keystroke2.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\level_lose.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\level_win.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\menu_click.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\menu_rollover.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\mop_pickup.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\mop_spill.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_bring_check_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_dropoff_drinks_1.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_food_ready_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_gain_heart_1.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_menu_down.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_pencil_write_2.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_seat_people_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\spill.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\table_drink.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\tip_2.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\flo_lose.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\flo_win.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\fullscreendialog.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\high_score_menu_bg.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\levelintro.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\levelintro.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\levelover.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\longdialog.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\longdialog.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\mainmenu.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\mainmenu_logo.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\popup.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\popup.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\textfield.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\upgrade_lines.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowdown_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowdown_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowdown_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowup_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowup_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowup_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_rotated_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_rotated_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\decor_highlight.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\decor_normal.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\decor_selected.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_3.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_3.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a3.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\left_arrow_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\left_arrow_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\left_arrow_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_mask.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_mask.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\map_button_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\map_button_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\map_button_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\right_arrow_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\right_arrow_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\right_arrow_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\upgrade_down.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\upgrade_over.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\upgrade_up.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\welcome_player.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\actionpoints.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\career.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\customer.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\endless.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\global.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\powerups.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cook\stove.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\arrow.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\click.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\click2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\grab.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\open.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\anim.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\anim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\blue_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\legs.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\red_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\anim.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\anim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\blue_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\legs.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\red_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\anim.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\anim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\baby.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\baby.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\blue_baby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\blue_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\legs.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red_baby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\anim.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\anim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\blue_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\legs.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\red_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\idle.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\idle.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\lower.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\lower.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\upper.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\upper.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\fonts\mercurius.mvec
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\bench.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\bench.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\blue_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\chair.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\chair.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dirt2top.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dirt4top.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dishcart.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dishcart.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\green_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchair_prop_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchair_prop_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchairbaby.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchairbaby.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\luxury_bench.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\luxury_bench.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium_heart.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium_heart.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\purple_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\radio.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\red_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\spill.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\spill.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\stereo.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\ticketstation.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\ticketstation.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\yellow_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\family.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help_dividerline.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_colormatch1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_colormatch2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_noise.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_score.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_cleardishes.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_givecheck.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_pickupfood.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_servefood.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_takeorder.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\hiscore\local-hs-bb.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\hiscore\p1icon.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_1.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_2.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_3.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_4.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_5.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_6.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_a.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_b.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_c.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\playfirstlogo.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\background.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\green.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\green.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\grey.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\cup1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\food.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\food.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\frames\2_0.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\frames\2_1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\people\cook.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\people\cook.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\props\cup_prop1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\2top.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\2top.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\4top.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\4top.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_0.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_1.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrades.xml
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\tableshadow.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\careerupgrade.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\choosedifficulty.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\closeconfirm.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\entername.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\game.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\getmoregames.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\help1.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\help2.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscore.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscoreinfo.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscoresubmit.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\levelintro.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\levelover.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\loading.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\mainloop.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\mainmenu.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\ok.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\pause.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\style.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\upgrade.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\upsell.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\yesno.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\splash\aol_logo.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\splash\playfirst_logo.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\strings.xml
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\angersmoke.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\angersmoke.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_bubble.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_mop.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_rejectmeal.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\chairflags.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\chairflags.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\check.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\checkmark.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\closed.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\coinflip.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\coinflip.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\decor_lines.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\dollar.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\expert.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\foodpoof.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\foodpoof.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\heartgrow.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\heartgrow.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\jar.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\jar.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\lives_icon.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\noisering.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_d.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_e.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_f.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tablenumber_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tablenumber_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\traynumber.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tutorialarrow.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tutorialbox.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_base.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_hand.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_timer_off.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_timer_on.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgradeanim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd1.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd2.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd3.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd4.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\dinerdash2.exe
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\iun6002.exe
c:\windows\jestertb.dll
c:\windows\kb835221.exe
c:\windows\kb913800.exe
c:\windows\setup.exe
c:\windows\ST6UNST.000
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\boot.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\wpcap.dll
c:\windows\wallpaper.jpg
c:\windows\windows-kb870669-x86-enu.exe
c:\windows\windowsmedia10-kb886612-x86-enu.exe
c:\windows\windowsxp-kb834707-x86-enu.exe
c:\windows\windowsxp-kb884018-x86-enu.exe
c:\windows\windowsxpmediacenter2005-kb873369-enu.exe
.
Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-11-09 to 2011-12-09 )))))))))))))))))))))))))))))))
.
.
2011-12-08 23:08 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-12-08 19:21 . 2011-12-08 18:22 79872 ----a-w- c:\windows\system32\1T620675.com
2011-12-07 23:50 . 2011-12-07 23:50 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2011-12-07 20:52 . 2011-12-07 20:52 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-12-06 14:57 . 2011-12-06 14:57 -------- d-----w- c:\documents and settings\Scott Lembke\Application Data\NVIDIA
2011-12-06 14:29 . 2011-12-06 14:48 -------- d-----w- c:\documents and settings\Scott Lembke\Application Data\Ventrilo
2011-12-06 14:27 . 2011-12-06 14:27 -------- d-----w- c:\windows\GameHouse Holiday Screensaver Uninstaller
2011-12-06 14:27 . 2011-12-01 21:32 1039979 ----a-w- c:\windows\GameHouse Holiday Screensaver.scr
2011-12-06 14:27 . 2011-12-06 14:27 -------- d-----w- c:\program files\Ventrilo
2011-12-06 14:26 . 2011-12-06 14:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-12-06 12:24 . 2011-12-06 12:26 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-12-06 12:16 . 2011-12-06 12:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-12-06 12:15 . 2011-08-02 23:38 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-12-06 12:15 . 2011-12-06 12:15 -------- d-----w- c:\program files\Bonjour
2011-11-29 23:09 . 2011-12-07 17:19 -------- d-----w- c:\program files\World of Warcraft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-01 05:19 . 2004-12-01 18:28 3035136 ----a-w- c:\windows\system32\logonuiX.exe
2011-12-01 05:18 . 2006-06-13 23:11 163712 ----a-w- c:\windows\system32\drivers\vidstub.sys
2011-11-17 02:01 . 2011-05-17 23:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2004-12-01 19:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-08 08:50 . 2011-10-05 20:58 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-10-08 08:50 . 2011-10-05 20:58 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-10-08 08:50 . 2010-07-10 11:38 65536 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-08 08:50 . 2010-07-10 11:38 5595136 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-08 08:50 . 2010-07-10 11:38 2449408 ----a-w- c:\windows\system32\nvapi.dll
2011-10-08 08:50 . 2010-07-10 11:38 2398016 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-08 08:50 . 2010-07-10 11:38 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-08 08:50 . 2010-07-10 11:38 17956864 ----a-w- c:\windows\system32\nvoglnt.dll
2011-10-08 08:50 . 2010-07-10 11:38 17240064 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-08 08:50 . 2008-09-15 10:54 4226688 ----a-w- c:\windows\system32\nv4_disp.dll
2011-10-08 08:50 . 2008-09-15 10:54 12791488 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-10-05 21:46 . 2011-10-05 21:46 5545352 ----a-w- c:\documents and settings\Administrator\Application Data\wruninstall.exe
2011-09-28 07:06 . 2004-12-01 18:28 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2004-12-01 18:28 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2004-12-01 18:28 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2005-06-06 21:06 . 2005-06-06 21:06 774144 -c--a-w- c:\program files\RngInterstitial.dll
2011-11-28 16:53 . 2011-06-30 22:33 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-12-17 20:48 . 2006-02-19 22:47 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2009-11-07 297808]
.
[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agihelper.AGUtils]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
2009-11-07 06:07 297808 ----a-w- c:\windows\system32\mscoree.dll
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-09-18 160592]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Uninstall Webroot RunOnce.lnk - c:\documents and settings\Administrator\Application Data\wruninstall.exe [2011-10-5 5545352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2007-03-13 14:57 221184 ----a-w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=c:\windows\pss\Google Updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WNA3100 Smart Wizard.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WNA3100 Smart Wizard.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norton GoBack.lnk]
backup=c:\windows\pss\Norton GoBack.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Norton GoBack.lnk
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
backup=c:\windows\pss\Run Google Web Accelerator.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WeatherMatrix.com Desktop.lnk]
backup=c:\windows\pss\WeatherMatrix.com Desktop.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Scott Lembke^Start Menu^Programs^Startup^BOINC Manager.lnk]
backup=c:\windows\pss\BOINC Manager.lnkStartup
path=c:\documents and settings\Scott Lembke\Start Menu\Programs\Startup\BOINC Manager.lnk
.
[HKLM\~\startupfolder\C:^Documents and Settings^Scott Lembke^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=c:\documents and settings\Scott Lembke\Start Menu\Programs\Startup\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccipStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Scott Lembke^Start Menu^Programs^Startup^Webshots Daily Features.lnk]
path=c:\documents and settings\Scott Lembke\Start Menu\Programs\Startup\Webshots Daily Features.lnk
backup=c:\windows\pss\Webshots Daily Features.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Scott Lembke^Start Menu^Programs^Startup^Webshots.lnk]
backup=c:\windows\pss\Webshots.lnkStartup
path=c:\documents and settings\Scott Lembke\Start Menu\Programs\Startup\Webshots.lnk
.
[HKLM\~\startupfolder\C:^Documents and Settings^Scott Lembke^Start Menu^Programs^Startup^WebshotsWidget.lnk]
path=c:\documents and settings\Scott Lembke\Start Menu\Programs\Startup\WebshotsWidget.lnk
backup=c:\windows\pss\WebshotsWidget.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Gateway
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealRhapsody3Reboot
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-06-29 14:06 88363 ----a-w- c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2004-10-14 00:00 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2004-10-22 01:44 2744832 ----a-w- c:\windows\ALCWZRD.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-10-01 17:57 111936 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 13:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BootSkin Startup Jobs]
2004-04-26 21:21 270336 ----a-w- c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
2004-07-16 19:17 53248 ----a-w- c:\windows\SONYSYS\VAIO Recovery\Reminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Download Nitro]
2011-06-30 10:01 3597520 ----a-w- c:\program files\PCPitstop\Download Nitro\pcpitstop-nitro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2007-02-26 06:01 437160 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 19:56 64512 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-12-17 20:48 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-10-30 16:04 136176 ----atw- c:\documents and settings\Scott Lembke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-03-17 23:10 61952 ----a-w- c:\windows\system32\Hdaudpropshortcut.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2005-01-12 19:54 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Info Center]
2011-09-26 17:27 24216 ----a-w- c:\program files\PCPitstop\Info Center\InfoCenter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intel AppUp(SM) center]
2011-11-03 22:07 1001 ----a-w- c:\program files\Intel\IntelAppStore\bin\ismagent.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intel AppUp(SM) center_Nagware]
2011-11-03 22:07 1878 ----a-w- c:\program files\Intel\IntelAppStore\bin\AppUp.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 04:56 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 06:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-04-11 21:32 56080 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeChat]
2008-08-21 17:16 267296 ----a-w- c:\program files\Microsoft LifeChat\LifeChat.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2008-08-14 22:11 565008 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-08-14 22:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
2002-09-04 00:38 987187 ----a-w- c:\program files\WinCustomize\LogonStudio\LogonStudio.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 02:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-11-05 07:34 13861480 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-11-05 07:34 110696 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2011-08-04 00:30 3077528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC MaticRT]
2011-05-10 18:33 667800 ----a-w- c:\program files\PCPitstop\PC MaticRT\PCMaticRT.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop PC Matic Reminder]
2011-09-26 17:28 325280 ----a-w- c:\program files\PCPitstop\PC Matic\Reminder-PCMatic.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPitstop Optimize Registration Reminder]
2004-07-16 19:17 53248 ----a-w- c:\windows\SONYSYS\VAIO Recovery\Reminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 10:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2011-09-18 21:03 160592 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 20:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-05-31 17:09 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
2005-08-14 02:17 106544 ----a-w- c:\windows\system32\TWEAKUI.CPL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TXP]
2006-04-18 22:50 475136 ----a-w- c:\program files\TopThemesXP\txp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 05:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
2004-09-22 02:54 151552 ----a-w- c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2009-05-27 02:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-09-24 18:19 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Documents and Settings\\Scott Lembke\\Application Data\\GarageGames\\IAPlayer\\products\\www_instantaction_com\\6000\\install\\cyclomite.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\Scott Lembke\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10599:TCP"= 10599:TCP:BitComet 10599 TCP
"10599:UDP"= 10599:UDP:BitComet 10599 UDP
"17081:TCP"= 17081:TCP:BitCometLite 17081 TCP
"17081:UDP"= 17081:UDP:BitCometLite 17081 UDP
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"18438:TCP"= 18438:TCP:BitCometLite 18438 TCP
"18438:UDP"= 18438:UDP:BitCometLite 18438 UDP
"20960:TCP"= 20960:TCP:*:Disabled:SolidNetworkManager
"20960:UDP"= 20960:UDP:*:Disabled:SolidNetworkManager
"57325:TCP"= 57325:TCP:Pando Media Booster
"57325:UDP"= 57325:UDP:Pando Media Booster
"56865:TCP"= 56865:TCP:Pando Media Booster
"56865:UDP"= 56865:UDP:Pando Media Booster
"58633:TCP"= 58633:TCP:Pando Media Booster
"58633:UDP"= 58633:UDP:Pando Media Booster
"58393:TCP"= 58393:TCP:Pando Media Booster
"58393:UDP"= 58393:UDP:Pando Media Booster
"57683:TCP"= 57683:TCP:Pando Media Booster
"57683:UDP"= 57683:UDP:Pando Media Booster
"58885:TCP"= 58885:TCP:Pando Media Booster
"58885:UDP"= 58885:UDP:Pando Media Booster
.
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [10/4/2011 3:10 PM 21464]
R1 SSHDRV65;SSHDRV65;c:\windows\system32\drivers\SSHDRV65.sys [7/29/2006 4:31 PM 120320]
R2 PCPitstop Realtime;PCPitstop Realtime;c:\program files\PCPitstop\PC MaticRT\PCPitstopRTService.exe [10/4/2011 3:08 PM 382104]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [10/4/2011 3:10 PM 69976]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [10/24/2011 9:53 AM 642432]
S3 AGCoreService;AG Core Services;c:\program files\AGI\core\4.2.0.10754\AGCoreService.exe [5/8/2011 3:27 AM 20480]
S3 AhnRptAHawke;AhnRptAHawke;\??\c:\docume~1\SCOTTL~1\LOCALS~1\Temp\nsy9C.tmp\AHAWKENT.sys --> c:\docume~1\SCOTTL~1\LOCALS~1\Temp\nsy9C.tmp\AHAWKENT.sys [?]
S3 AhnRptTfFRegF;AhnRptTfFRegF;\??\c:\docume~1\SCOTTL~1\LOCALS~1\Temp\nsy9C.tmp\TfFRegNt.sys --> c:\docume~1\SCOTTL~1\LOCALS~1\Temp\nsy9C.tmp\TfFRegNt.sys [?]
S3 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [12/1/2004 12:28 PM 14336]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/19/2006 4:47 PM 30192]
S3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/29/2009 8:22 PM 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/29/2009 8:22 PM 133104]
S3 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [4/8/2011 9:17 AM 176848]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [12/1/2004 12:28 PM 14336]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 npkycryp;npkycryp;\??\c:\program files\Gravity\RO\npkycryp.sys --> c:\program files\Gravity\RO\npkycryp.sys [?]
S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [10/4/2011 2:45 PM 91816]
S3 tj2knd5;Terayon Cable Modem (NDIS);c:\windows\system32\drivers\tj2knd5.sys [1/10/2006 6:09 PM 17616]
S3 tj2kunic;Terayon Cable Modem (WDM);c:\windows\system32\drivers\tj2kunic.sys [1/10/2006 6:09 PM 69680]
S3 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/22/2008 6:06 PM 24652]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 12:19 PM 268528]
S3 WSWNA3100;WSWNA3100;c:\program files\NETGEAR\WNA3100\WifiSvc.exe [10/24/2011 9:53 AM 285152]
S3 XDva011;XDva011;\??\c:\windows\system32\XDva011.sys --> c:\windows\system32\XDva011.sys [?]
S3 XDva076;XDva076;\??\c:\windows\system32\XDva076.sys --> c:\windows\system32\XDva076.sys [?]
S3 XDva143;XDva143;\??\c:\windows\system32\XDva143.sys --> c:\windows\system32\XDva143.sys [?]
S3 XDva164;XDva164;\??\c:\windows\system32\XDva164.sys --> c:\windows\system32\XDva164.sys [?]
S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys --> c:\windows\system32\XDva189.sys [?]
S3 XDva195;XDva195;\??\c:\windows\system32\XDva195.sys --> c:\windows\system32\XDva195.sys [?]
S3 XDva208;XDva208;\??\c:\windows\system32\XDva208.sys --> c:\windows\system32\XDva208.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2011-12-08 c:\windows\Tasks\At1.job
- c:\windows\system32\1T620675.com [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At10.job
- c:\windows\system32\1T620675.com_ [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At11.job
- c:\windows\system32\1T620675.com [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At12.job
- c:\windows\system32\1T620675.com_ [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At13.job
- c:\windows\system32\1T620675.com [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At14.job
- c:\windows\system32\1T620675.com_ [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At15.job
- c:\windows\system32\1T620675.com [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At16.job
- c:\windows\system32\1T620675.com_ [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At17.job
- c:\windows\system32\1T620675.com [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At18.job
- c:\windows\system32\1T620675.com_ [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At19.job
- c:\windows\system32\1T620675.com [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At2.job
- c:\windows\system32\1T620675.com_ [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At20.job
- c:\windows\system32\1T620675.com_ [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At21.job
- c:\windows\system32\1T620675.com [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At22.job
- c:\windows\system32\1T620675.com_ [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At23.job
- c:\windows\system32\1T620675.com [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At24.job
- c:\windows\system32\1T620675.com_ [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At25.job
- c:\windows\system32\1T620675.com [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At26.job
- c:\windows\system32\1T620675.com_ [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At27.job
- c:\windows\system32\1T620675.com [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At28.job
- c:\windows\system32\1T620675.com_ [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At29.job
- c:\windows\system32\1T620675.com [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At3.job
- c:\windows\system32\1T620675.com [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At30.job
- c:\windows\system32\1T620675.com_ [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At31.job
- c:\windows\system32\1T620675.com [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At32.job
- c:\windows\system32\1T620675.com_ [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At33.job
- c:\windows\system32\1T620675.com [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At34.job
- c:\windows\system32\1T620675.com_ [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At35.job
- c:\windows\system32\1T620675.com [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At36.job
- c:\windows\system32\1T620675.com_ [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At37.job
- c:\windows\system32\1T620675.com [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At38.job
- c:\windows\system32\1T620675.com_ [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At39.job
- c:\windows\system32\1T620675.com [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At4.job
- c:\windows\system32\1T620675.com_ [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At40.job
- c:\windows\system32\1T620675.com_ [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At41.job
- c:\windows\system32\1T620675.com [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At42.job
- c:\windows\system32\1T620675.com_ [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At43.job
- c:\windows\system32\1T620675.com [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At44.job
- c:\windows\system32\1T620675.com_ [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At45.job
- c:\windows\system32\1T620675.com [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At46.job
- c:\windows\system32\1T620675.com_ [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At47.job
- c:\windows\system32\1T620675.com [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At48.job
- c:\windows\system32\1T620675.com_ [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At5.job
- c:\windows\system32\1T620675.com [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At6.job
- c:\windows\system32\1T620675.com_ [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At7.job
- c:\windows\system32\1T620675.com [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At8.job
- c:\windows\system32\1T620675.com_ [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\At9.job
- c:\windows\system32\1T620675.com [2011-12-08 18:22]
.
2011-12-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-21 02:45]
.
2011-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-30 02:22]
.
2011-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-30 02:22]
.
2011-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2346052729-578072215-3671603298-1005Core.job
- c:\documents and settings\Scott Lembke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-30 16:04]
.
2011-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2346052729-578072215-3671603298-1005UA.job
- c:\documents and settings\Scott Lembke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-30 16:04]
.
2011-12-09 c:\windows\Tasks\User_Feed_Synchronization-{F14F3AA3-99C7-4134-B669-5787FD707243}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://forecast.weather.gov/MapClick.php?MapType=3&site=ICT&CiTemplate=1&map.x=149&map.y=186
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar =
uSearchAssistant = hxxp://www.google.com/ie
uCustomizeSearch =
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: PCPitstop-Tracks-Checker - hxxp://pcpitstop.com/privacy/PCPTracks.cab
DPF: RaptisoftGameLoader - hxxp://www.raptisoft.com/webgames/raptisoftgameloader.cab
DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125B85} - hxxp://www.retro64.com/downloads/r64loader.cab
DPF: {40AC0F29-DF27-4711-B279-48B1F83A66AB} - hxxp://kraisoft.com/files/online/aquacade.cab
DPF: {47CEF84E-92D8-4C4A-86D7-CB982889DCC0} - hxxp://mp1.mplay.oberon-media.com/client/flashnet.cab
DPF: {70647AB5-18FD-4142-82B0-5852478DD0D4} - hxxp://xms.keynote.com/applications/connector/download/ConnectorLauncher.cab
DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://www.shockwave.com/content/tumblebugs/axhost.cab
DPF: {8DB0B6FB-914F-41DE-B89E-35D80F378640} - hxxp://kraisoft.com/files/online/abcisland.cab
DPF: {93EFDAB8-8800-4896-B428-76F943140E1B} - hxxp://consumerinput.r3h.net/panel/poppy/dcainst.cab
DPF: {AB1AB4F8-C30F-4FB4-A030-1C9F5513831F} - hxxp://media.grab.com/media/6364d3/games/files/669/lregameloader6.cab
DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} - hxxp://209.67.146.68/ePlayer/2_0/ACNePlayer.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game09.zylom.com/activex/zylomgamesplayer.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://148.213.21.243/activex/AMC.cab
DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} - hxxp://games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
DPF: {F992FDC0-DAA7-4774-B01C-E9DFF19FE0FE} - hxxp://online.invokesolutions.com/events/bin/media/4.1.0.1414-3.0.0.7206/MILive.cab
DPF: {FEF89F19-213D-4393-B739-AAC6876C147C} - hxxp://www.livetest.com/livetest/taskpages/install/livetest_bar.cab
FF - ProfilePath - c:\documents and settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.search.selectedEngine - Google Desktop
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=61413&p=
.
- - - - ORPHANS REMOVED - - - -
.
Notify-AtiExtEvent - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-svcWRSSSDK
MSConfigStartUp-ATIPTA - c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-DogMags - c:\docume~1\scottl~1\applic~1\rdrsof~1\date media once.exe
MSConfigStartUp-igndlm - c:\program files\IGN\Download Manager\dlm.exe
MSConfigStartUp-MAAgent - c:\program files\MarkAny\ContentSafer\MAAgent.exe
MSConfigStartUp-MegaPanel - c:\program files\ACNielsen\Homescan Internet Transporter\HSTrans.exe
MSConfigStartUp-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe
MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe
MSConfigStartUp-nwiz - nwiz.exe
MSConfigStartUp-SMSTray - c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe
MSConfigStartUp-SweetIM - c:\program files\Macrogaming\SweetIM\SweetIM.exe
MSConfigStartUp-WebrootTrayApp - c:\program files\Webroot\Security\Current\Framework\WRTray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-09 14:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(660)
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
.
- - - - - - - > 'explorer.exe'(3640)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\tray.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\nexon\Mabinogi\npkcmsvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
c:\program files\Sony\Sony TV Tuner Library\SMceMan.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\ZuneBusEnum.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\dllhost.exe
c:\program files\Sony\Sony TV Tuner Library\RM_SV.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-12-09 14:42:37 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-09 20:42
.
Pre-Run: 25,368,498,176 bytes free
Post-Run: 26,031,595,520 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Restore Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 75AB275846852D0BB9B14093EA2BF7BB
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Lets kill some more :ph34r: On completion of this run could you run an OTL quick scan and post the resultant log. Along with any outstanding problems


1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

AtJob::

File::
c:\windows\system32\1T620675.com
c:\windows\system32\XDva011.sys
c:\windows\system32\XDva076.sys
c:\windows\system32\XDva143.sys
c:\windows\system32\XDva164.sys
c:\windows\system32\XDva189.sys
c:\windows\system32\XDva195.sys
c:\windows\system32\XDva208.sys

Driver::
XDva011
XDva143
XDva076
XDva164
XDva189
XDva195
XDva208

Save this as CFScript.txt, in the same location as ComboFix.exe
Posted Image

Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#9
JScottL

JScottL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Ok I need make sure what you are telling me to do. Do you want a OTL quick now and add the items you posted in notepad then into the ComboFix file? Then do a ComboFix ?Also I am getting the message about wanting to make my internet browser Internet Explorer. It keeps blinking on and off at times. Thank you :thumbsup:

Edited by JScottL, 09 December 2011 - 04:38 PM.

  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My apologies, do the combofix script first and then follow up with the OTL scan. If you do not use IE as your main browser then tick no and remember the answer
  • 0

Advertisements


#11
JScottL

JScottL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
First off no more blinking message about Internet Explorer option, so that looks fixed. Anyway here's the ComboFix file first and then OTL file. Is ok to override the OTL.txt and put this new into it? Thank you as always!! :thumbsup:

ComboFix 11-12-09.03 - Scott Lembke 12/09/2011 16:59:26.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2943.2144 [GMT -6:00]
Running from: c:\documents and settings\Scott Lembke\My Documents\My Games\ComboFix.exe
Command switches used :: c:\documents and settings\Scott Lembke\CFScript.txt
.
FILE ::
"c:\windows\system32\1T620675.com"
"c:\windows\system32\XDva011.sys"
"c:\windows\system32\XDva076.sys"
"c:\windows\system32\XDva143.sys"
"c:\windows\system32\XDva164.sys"
"c:\windows\system32\XDva189.sys"
"c:\windows\system32\XDva195.sys"
"c:\windows\system32\XDva208.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\1T620675.com
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_XDVA011
-------\Legacy_XDVA076
-------\Legacy_XDVA143
-------\Legacy_XDVA164
-------\Legacy_XDVA189
-------\Legacy_XDVA195
-------\Legacy_XDVA208
-------\Service_NPF
-------\Service_XDva011
-------\Service_XDva076
-------\Service_XDva143
-------\Service_XDva164
-------\Service_XDva189
-------\Service_XDva195
-------\Service_XDva208
.
.
((((((((((((((((((((((((( Files Created from 2011-11-09 to 2011-12-09 )))))))))))))))))))))))))))))))
.
.
2011-12-09 21:53 . 2011-12-09 21:53 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-12-09 21:53 . 2011-12-09 21:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Yahoo
2011-12-09 21:53 . 2011-12-09 21:53 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2011-12-08 23:08 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-12-08 18:49 . 2011-12-08 18:22 79872 ----a-w- c:\windows\system32\1T620675.com_
2011-12-07 23:50 . 2011-12-07 23:50 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2011-12-07 20:52 . 2011-12-07 20:52 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-12-06 14:57 . 2011-12-06 14:57 -------- d-----w- c:\documents and settings\Scott Lembke\Application Data\NVIDIA
2011-12-06 14:29 . 2011-12-06 14:48 -------- d-----w- c:\documents and settings\Scott Lembke\Application Data\Ventrilo
2011-12-06 14:27 . 2011-12-06 14:27 -------- d-----w- c:\windows\GameHouse Holiday Screensaver Uninstaller
2011-12-06 14:27 . 2011-12-01 21:32 1039979 ----a-w- c:\windows\GameHouse Holiday Screensaver.scr
2011-12-06 14:27 . 2011-12-06 14:27 -------- d-----w- c:\program files\Ventrilo
2011-12-06 14:26 . 2011-12-06 14:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-12-06 12:24 . 2011-12-06 12:26 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-12-06 12:16 . 2011-12-06 12:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-12-06 12:15 . 2011-08-02 23:38 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-12-06 12:15 . 2011-12-06 12:15 -------- d-----w- c:\program files\Bonjour
2011-11-29 23:09 . 2011-12-07 17:19 -------- d-----w- c:\program files\World of Warcraft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-01 05:19 . 2004-12-01 18:28 3035136 ----a-w- c:\windows\system32\logonuiX.exe
2011-12-01 05:18 . 2006-06-13 23:11 163712 ----a-w- c:\windows\system32\drivers\vidstub.sys
2011-11-17 02:01 . 2011-05-17 23:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2004-12-01 19:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-08 08:50 . 2011-10-05 20:58 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-10-08 08:50 . 2011-10-05 20:58 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-10-08 08:50 . 2010-07-10 11:38 65536 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-08 08:50 . 2010-07-10 11:38 5595136 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-08 08:50 . 2010-07-10 11:38 2449408 ----a-w- c:\windows\system32\nvapi.dll
2011-10-08 08:50 . 2010-07-10 11:38 2398016 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-08 08:50 . 2010-07-10 11:38 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-08 08:50 . 2010-07-10 11:38 17956864 ----a-w- c:\windows\system32\nvoglnt.dll
2011-10-08 08:50 . 2010-07-10 11:38 17240064 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-08 08:50 . 2008-09-15 10:54 4226688 ----a-w- c:\windows\system32\nv4_disp.dll
2011-10-08 08:50 . 2008-09-15 10:54 12791488 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-10-05 21:46 . 2011-10-05 21:46 5545352 ----a-w- c:\documents and settings\Administrator\Application Data\wruninstall.exe
2011-09-28 07:06 . 2004-12-01 18:28 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2004-12-01 18:28 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2004-12-01 18:28 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2005-06-06 21:06 . 2005-06-06 21:06 774144 -c--a-w- c:\program files\RngInterstitial.dll
2011-11-28 16:53 . 2011-06-30 22:33 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-12-17 20:48 . 2006-02-19 22:47 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2009-11-07 297808]
.
[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agihelper.AGUtils]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
2009-11-07 06:07 297808 ----a-w- c:\windows\system32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-31 68856]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-09-18 160592]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe" [2011-08-27 240288]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Uninstall Webroot RunOnce.lnk - c:\documents and settings\Administrator\Application Data\wruninstall.exe [2011-10-5 5545352]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WNA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA3100\WNA3100.exe [2011-10-24 4577760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2007-03-13 14:57 221184 ----a-w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=c:\windows\pss\Google Updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WNA3100 Smart Wizard.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WNA3100 Smart Wizard.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norton GoBack.lnk]
backup=c:\windows\pss\Norton GoBack.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Norton GoBack.lnk
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
backup=c:\windows\pss\Run Google Web Accelerator.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WeatherMatrix.com Desktop.lnk]
backup=c:\windows\pss\WeatherMatrix.com Desktop.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Scott Lembke^Start Menu^Programs^Startup^BOINC Manager.lnk]
backup=c:\windows\pss\BOINC Manager.lnkStartup
path=c:\documents and settings\Scott Lembke\Start Menu\Programs\Startup\BOINC Manager.lnk
.
[HKLM\~\startupfolder\C:^Documents and Settings^Scott Lembke^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=c:\documents and settings\Scott Lembke\Start Menu\Programs\Startup\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccipStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Scott Lembke^Start Menu^Programs^Startup^Webshots Daily Features.lnk]
path=c:\documents and settings\Scott Lembke\Start Menu\Programs\Startup\Webshots Daily Features.lnk
backup=c:\windows\pss\Webshots Daily Features.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Scott Lembke^Start Menu^Programs^Startup^Webshots.lnk]
backup=c:\windows\pss\Webshots.lnkStartup
path=c:\documents and settings\Scott Lembke\Start Menu\Programs\Startup\Webshots.lnk
.
[HKLM\~\startupfolder\C:^Documents and Settings^Scott Lembke^Start Menu^Programs^Startup^WebshotsWidget.lnk]
path=c:\documents and settings\Scott Lembke\Start Menu\Programs\Startup\WebshotsWidget.lnk
backup=c:\windows\pss\WebshotsWidget.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-06-29 14:06 88363 ----a-w- c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2004-10-14 00:00 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2004-10-22 01:44 2744832 ----a-w- c:\windows\ALCWZRD.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-10-01 17:57 111936 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 13:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BootSkin Startup Jobs]
2004-04-26 21:21 270336 ----a-w- c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
2004-07-16 19:17 53248 ----a-w- c:\windows\SONYSYS\VAIO Recovery\Reminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Download Nitro]
2011-06-30 10:01 3597520 ----a-w- c:\program files\PCPitstop\Download Nitro\pcpitstop-nitro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2007-02-26 06:01 437160 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 19:56 64512 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-12-17 20:48 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-10-30 16:04 136176 ----atw- c:\documents and settings\Scott Lembke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-03-17 23:10 61952 ----a-w- c:\windows\system32\Hdaudpropshortcut.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2005-01-12 19:54 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Info Center]
2011-09-26 17:27 24216 ----a-w- c:\program files\PCPitstop\Info Center\InfoCenter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intel AppUp(SM) center]
2011-11-03 22:07 1001 ----a-w- c:\program files\Intel\IntelAppStore\bin\ismagent.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intel AppUp(SM) center_Nagware]
2011-11-03 22:07 1878 ----a-w- c:\program files\Intel\IntelAppStore\bin\AppUp.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 04:56 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 06:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-04-11 21:32 56080 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeChat]
2008-08-21 17:16 267296 ----a-w- c:\program files\Microsoft LifeChat\LifeChat.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2008-08-14 22:11 565008 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-08-14 22:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
2002-09-04 00:38 987187 ----a-w- c:\program files\WinCustomize\LogonStudio\LogonStudio.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 02:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-11-05 07:34 13861480 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-11-05 07:34 110696 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2011-08-04 00:30 3077528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC MaticRT]
2011-05-10 18:33 667800 ----a-w- c:\program files\PCPitstop\PC MaticRT\PCMaticRT.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop PC Matic Reminder]
2011-09-26 17:28 325280 ----a-w- c:\program files\PCPitstop\PC Matic\Reminder-PCMatic.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPitstop Optimize Registration Reminder]
2004-07-16 19:17 53248 ----a-w- c:\windows\SONYSYS\VAIO Recovery\Reminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 10:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2011-09-18 21:03 160592 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 20:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-05-31 17:09 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
2005-08-14 02:17 106544 ----a-w- c:\windows\system32\TWEAKUI.CPL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TXP]
2006-04-18 22:50 475136 ----a-w- c:\program files\TopThemesXP\txp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 05:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
2004-09-22 02:54 151552 ----a-w- c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2009-05-27 02:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-09-24 18:19 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Documents and Settings\\Scott Lembke\\Application Data\\GarageGames\\IAPlayer\\products\\www_instantaction_com\\6000\\install\\cyclomite.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\Scott Lembke\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10599:TCP"= 10599:TCP:BitComet 10599 TCP
"10599:UDP"= 10599:UDP:BitComet 10599 UDP
"17081:TCP"= 17081:TCP:BitCometLite 17081 TCP
"17081:UDP"= 17081:UDP:BitCometLite 17081 UDP
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"18438:TCP"= 18438:TCP:BitCometLite 18438 TCP
"18438:UDP"= 18438:UDP:BitCometLite 18438 UDP
"20960:TCP"= 20960:TCP:*:Disabled:SolidNetworkManager
"20960:UDP"= 20960:UDP:*:Disabled:SolidNetworkManager
"57325:TCP"= 57325:TCP:Pando Media Booster
"57325:UDP"= 57325:UDP:Pando Media Booster
"56865:TCP"= 56865:TCP:Pando Media Booster
"56865:UDP"= 56865:UDP:Pando Media Booster
"58633:TCP"= 58633:TCP:Pando Media Booster
"58633:UDP"= 58633:UDP:Pando Media Booster
"58393:TCP"= 58393:TCP:Pando Media Booster
"58393:UDP"= 58393:UDP:Pando Media Booster
"57683:TCP"= 57683:TCP:Pando Media Booster
"57683:UDP"= 57683:UDP:Pando Media Booster
"58885:TCP"= 58885:TCP:Pando Media Booster
"58885:UDP"= 58885:UDP:Pando Media Booster
.
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [10/4/2011 3:10 PM 21464]
R1 SSHDRV65;SSHDRV65;c:\windows\system32\drivers\SSHDRV65.sys [7/29/2006 4:31 PM 120320]
R2 PCPitstop Realtime;PCPitstop Realtime;c:\program files\PCPitstop\PC MaticRT\PCPitstopRTService.exe [10/4/2011 3:08 PM 382104]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [10/4/2011 3:10 PM 69976]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [10/24/2011 9:53 AM 642432]
S2 WSWNA3100;WSWNA3100;c:\program files\NETGEAR\WNA3100\WifiSvc.exe [10/24/2011 9:53 AM 285152]
S3 AGCoreService;AG Core Services;c:\program files\AGI\core\4.2.0.10754\AGCoreService.exe [5/8/2011 3:27 AM 20480]
S3 AhnRptAHawke;AhnRptAHawke;\??\c:\docume~1\SCOTTL~1\LOCALS~1\Temp\nsy9C.tmp\AHAWKENT.sys --> c:\docume~1\SCOTTL~1\LOCALS~1\Temp\nsy9C.tmp\AHAWKENT.sys [?]
S3 AhnRptTfFRegF;AhnRptTfFRegF;\??\c:\docume~1\SCOTTL~1\LOCALS~1\Temp\nsy9C.tmp\TfFRegNt.sys --> c:\docume~1\SCOTTL~1\LOCALS~1\Temp\nsy9C.tmp\TfFRegNt.sys [?]
S3 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [12/1/2004 12:28 PM 14336]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/19/2006 4:47 PM 30192]
S3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/29/2009 8:22 PM 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/29/2009 8:22 PM 133104]
S3 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [4/8/2011 9:17 AM 176848]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [12/1/2004 12:28 PM 14336]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 npkycryp;npkycryp;\??\c:\program files\Gravity\RO\npkycryp.sys --> c:\program files\Gravity\RO\npkycryp.sys [?]
S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [10/4/2011 2:45 PM 91816]
S3 tj2knd5;Terayon Cable Modem (NDIS);c:\windows\system32\drivers\tj2knd5.sys [1/10/2006 6:09 PM 17616]
S3 tj2kunic;Terayon Cable Modem (WDM);c:\windows\system32\drivers\tj2kunic.sys [1/10/2006 6:09 PM 69680]
S3 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/22/2008 6:06 PM 24652]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 12:19 PM 268528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2011-12-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-21 02:45]
.
2011-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-30 02:22]
.
2011-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-30 02:22]
.
2011-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2346052729-578072215-3671603298-1005Core.job
- c:\documents and settings\Scott Lembke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-30 16:04]
.
2011-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2346052729-578072215-3671603298-1005UA.job
- c:\documents and settings\Scott Lembke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-30 16:04]
.
2011-12-09 c:\windows\Tasks\User_Feed_Synchronization-{F14F3AA3-99C7-4134-B669-5787FD707243}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://forecast.weather.gov/MapClick.php?MapType=3&site=ICT&CiTemplate=1&map.x=149&map.y=186
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar =
uSearchAssistant = hxxp://www.google.com/ie
uCustomizeSearch =
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: PCPitstop-Tracks-Checker - hxxp://pcpitstop.com/privacy/PCPTracks.cab
DPF: RaptisoftGameLoader - hxxp://www.raptisoft.com/webgames/raptisoftgameloader.cab
DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125B85} - hxxp://www.retro64.com/downloads/r64loader.cab
DPF: {40AC0F29-DF27-4711-B279-48B1F83A66AB} - hxxp://kraisoft.com/files/online/aquacade.cab
DPF: {47CEF84E-92D8-4C4A-86D7-CB982889DCC0} - hxxp://mp1.mplay.oberon-media.com/client/flashnet.cab
DPF: {70647AB5-18FD-4142-82B0-5852478DD0D4} - hxxp://xms.keynote.com/applications/connector/download/ConnectorLauncher.cab
DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://www.shockwave.com/content/tumblebugs/axhost.cab
DPF: {8DB0B6FB-914F-41DE-B89E-35D80F378640} - hxxp://kraisoft.com/files/online/abcisland.cab
DPF: {93EFDAB8-8800-4896-B428-76F943140E1B} - hxxp://consumerinput.r3h.net/panel/poppy/dcainst.cab
DPF: {AB1AB4F8-C30F-4FB4-A030-1C9F5513831F} - hxxp://media.grab.com/media/6364d3/games/files/669/lregameloader6.cab
DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} - hxxp://209.67.146.68/ePlayer/2_0/ACNePlayer.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game09.zylom.com/activex/zylomgamesplayer.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://148.213.21.243/activex/AMC.cab
DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} - hxxp://games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
DPF: {F992FDC0-DAA7-4774-B01C-E9DFF19FE0FE} - hxxp://online.invokesolutions.com/events/bin/media/4.1.0.1414-3.0.0.7206/MILive.cab
DPF: {FEF89F19-213D-4393-B739-AAC6876C147C} - hxxp://www.livetest.com/livetest/taskpages/install/livetest_bar.cab
FF - ProfilePath - c:\documents and settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.search.selectedEngine - Google Desktop
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=61413&p=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-09 17:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7a,39,70,a3,28,f5,07,42,a8,3d,93,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7a,39,70,a3,28,f5,07,42,a8,3d,93,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(660)
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
.
- - - - - - - > 'explorer.exe'(2168)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\tray.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\nexon\Mabinogi\npkcmsvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
c:\program files\Sony\Sony TV Tuner Library\SMceMan.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\ZuneBusEnum.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\dllhost.exe
c:\program files\Sony\Sony TV Tuner Library\RM_SV.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-12-09 17:27:05 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-09 23:27
ComboFix2.txt 2011-12-09 20:42
.
Pre-Run: 26,062,807,040 bytes free
Post-Run: 26,204,975,104 bytes free
.
- - End Of File - - 8CAE7B76983D13A63E607113DD228B81


OTL logfile created on: 12/9/2011 5:37:31 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Scott Lembke\My Documents\My Games
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 81.65% Memory free
5.72 Gb Paging File | 5.41 Gb Available in Paging File | 94.62% Paging File free
Paging file location(s): C:\pagefile.sys 3072 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 225.88 Gb Total Space | 24.50 Gb Free Space | 10.85% Space Free | Partition Type: NTFS
Drive E: | 58.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: YOUR-85A8F7B8EC | User Name: Scott Lembke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/08 14:17:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott Lembke\My Documents\My Games\OTL.exe
PRC - [2011/05/10 12:33:20 | 000,382,104 | ---- | M] (PC Pitstop LLC) -- C:\Program Files\PCPitstop\PC MaticRT\PCPitstopRTService.exe
PRC - [2010/09/24 12:19:08 | 000,057,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2010/08/26 17:48:00 | 000,285,152 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
PRC - [2010/08/26 16:47:00 | 004,577,760 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/08/02 11:33:50 | 000,080,528 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Nexon\Mabinogi\npkcmsvc.exe
PRC - [2004/10/25 11:35:32 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2004/10/25 11:35:32 | 000,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2004/10/25 11:35:30 | 000,278,528 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2004/04/15 16:45:22 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
PRC - [2003/08/13 14:23:00 | 000,106,496 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
PRC - [2003/08/13 14:07:22 | 000,094,208 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/11 13:50:10 | 000,193,904 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat\datRT\libMachoUniv.dll
MOD - [2011/10/11 13:50:08 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat\datRT\libBase64.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/04 17:48:32 | 000,456,192 | ---- | M] () -- C:\WINDOWS\system32\encdec.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/08/26 17:48:00 | 000,285,152 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
MOD - [2010/08/26 16:47:00 | 004,577,760 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
MOD - [2010/07/09 16:38:00 | 000,286,720 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiLib.dll
MOD - [2010/03/23 03:21:40 | 000,300,368 | ---- | M] () -- C:\Program Files\PCPitstop\PC MaticRT\vipre.dll
MOD - [2010/02/05 12:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2010/02/03 10:31:02 | 000,282,624 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvcLib.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/03/24 22:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2006/04/28 19:27:00 | 000,038,576 | ---- | M] () -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\tray.dll
MOD - [2005/08/05 14:01:54 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\VBICodec.ax
MOD - [2005/08/05 13:06:50 | 000,165,376 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2004/10/11 20:51:40 | 000,223,232 | ---- | M] () -- C:\Program Files\PCPitstop\PC MaticRT\sqlite3.dll
MOD - [2003/05/30 15:47:26 | 000,024,576 | ---- | M] () -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SVps.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011/09/26 11:28:14 | 000,091,816 | ---- | M] (PC Pitstop LLC) [On_Demand | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2011/09/20 20:07:57 | 003,542,616 | ---- | M] () [On_Demand | Stopped] -- c:\Program Files\Common Files\Akamai\netsession_win_b31de1e.dll -- (Akamai)
SRV - [2011/05/10 12:33:20 | 000,382,104 | ---- | M] (PC Pitstop LLC) [Auto | Running] -- C:\Program Files\PCPitstop\PC MaticRT\PCPitstopRTService.exe -- (PCPitstop Realtime)
SRV - [2011/04/08 09:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [On_Demand | Stopped] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010/09/24 12:19:16 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/09/24 12:19:16 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/09/24 12:19:08 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/09/24 12:19:08 | 000,057,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/09/01 14:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/08/26 17:48:00 | 000,285,152 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2010/06/29 07:04:18 | 000,020,480 | ---- | M] (AG Interactive) [On_Demand | Stopped] -- C:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe -- (AGCoreService)
SRV - [2010/03/29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/01/19 13:59:00 | 003,595,660 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2010/01/04 12:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/26 07:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 07:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/08/02 11:33:50 | 000,080,528 | ---- | M] (INCA Internet Co., Ltd.) [Auto | Running] -- C:\Nexon\Mabinogi\npkcmsvc.exe -- (npkcmsvc)
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [On_Demand | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2004/11/02 17:42:42 | 001,826,816 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2004/10/25 11:35:34 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2004/10/25 11:35:32 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2004/10/25 11:35:32 | 000,118,784 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2004/10/25 11:35:30 | 000,278,528 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2004/06/22 13:58:14 | 000,733,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-VideoServer-UPnP) VAIO Media Video Server (UPnP)
SRV - [2004/06/22 13:58:14 | 000,733,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2004/06/16 05:42:34 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-VideoServer-HTTP) VAIO Media Video Server (HTTP)
SRV - [2004/06/16 05:42:34 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2004/06/16 05:41:06 | 000,188,416 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2004/04/15 16:45:22 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe -- (SonicStageMonitoring)
SRV - [2003/10/30 14:48:10 | 001,286,144 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe -- (VAIOMediaPlatform-VideoServer-AppServer)
SRV - [2003/08/13 14:23:00 | 000,106,496 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe -- (Sony TVTA Manager)
SRV - [2003/08/13 14:10:04 | 000,118,784 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe -- (Sony TV Tuner Controller)
SRV - [2003/08/13 14:07:22 | 000,094,208 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe -- (Sony TV Tuner Manager)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/11/30 23:18:58 | 000,163,712 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\vidstub.sys -- (BootScreen)
DRV - [2010/06/14 14:04:30 | 000,069,976 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2010/06/14 14:04:30 | 000,021,464 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2010/02/03 11:21:56 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/11/06 08:26:36 | 000,642,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
DRV - [2008/07/26 09:26:54 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/07/26 09:26:42 | 004,658,584 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)
DRV - [2008/07/26 09:26:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 09:25:46 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/26 07:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/06/14 07:58:50 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/04/13 12:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2008/01/18 03:00:00 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/10/11 19:59:12 | 001,920,920 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2007/04/11 15:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/04/11 15:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/04/11 15:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/07/29 16:31:57 | 000,120,320 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSHDRV65.sys -- (SSHDRV65)
DRV - [2006/06/20 14:00:38 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2006/06/20 14:00:28 | 000,021,312 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2006/06/20 14:00:18 | 000,039,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/12/19 15:02:36 | 000,060,572 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2005/12/19 15:02:36 | 000,028,449 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2005/11/23 14:16:10 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2005/08/14 09:29:07 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CdaD10BA.SYS -- (CdaD10BA)
DRV - [2005/05/16 07:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005/05/16 07:15:58 | 000,048,640 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2004/10/27 19:24:52 | 002,297,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/08/05 22:20:34 | 000,788,736 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smrt.sys -- (smrt)
DRV - [2004/06/29 08:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/03/17 17:10:40 | 000,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2002/10/13 23:40:32 | 000,017,616 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tj2knd5.sys -- (tj2knd5) Terayon Cable Modem (NDIS)
DRV - [2002/10/13 23:40:24 | 000,069,680 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tj2kunic.sys -- (tj2kunic) Terayon Cable Modem (WDM)
DRV - [2000/12/05 18:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://forecast.weat...x=149&map.y=186
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "Castle Age Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...TDF&PC=BBLN&q="
FF - prefs.js..browser.search.selectedEngine: "Google Desktop"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.96
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.4.14
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {916ab64c-bc3e-471b-8e60-29551922a7ba}:1.300.306
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.5.1344
FF - prefs.js..extensions.enabledItems: [email protected]:0.8.8.3
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.8.20110620112826
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.76
FF - prefs.js..extensions.enabledItems: {5e558974-b2d6-4ee2-be14-cb56ab1a8626}:1.300.306
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {aac4043a-8832-4abe-9963-35377f30b8e6}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {69d1a568-ffdf-4ef5-8919-7003582e0ee8}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {7a2cadc6-0db8-43bb-a6e4-9d8bda6a254f}:1.69.1
FF - prefs.js..extensions.enabledItems: {3DF533F5-FB3C-4c4c-A1D7-99717F8C3038}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.0.12
FF - prefs.js..extensions.enabledItems: [email protected]:1.53
FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c9626}:1.6
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.1
FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.3.1
FF - prefs.js..extensions.enabledItems: {cc6ef5ab-35be-4300-bd07-d12850fc97ff}:4.5.0
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0
FF - prefs.js..extensions.enabledItems: {eb46c787-131a-4eb7-9b93-7f62ca550917}:0.4.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.4
FF - prefs.js..extensions.enabledItems: {66871bd1-5ba2-4739-b485-2a15f5969bd8}:2.20100123
FF - prefs.js..extensions.enabledItems: {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.91
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20101009
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.6.3
FF - prefs.js..extensions.enabledItems: {36C13C8F-54F1-412e-8177-2E411719162D}:4.1.1
FF - prefs.js..extensions.enabledItems: {dd30bf68-268a-4815-ad48-8740b774c764}:5.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.6
FF - prefs.js..extensions.enabledItems: {F587B2D4-7C09-4a23-AC4A-8D6E3CE8C7DA}:3.6
FF - prefs.js..extensions.enabledItems: {6e00410e-1176-11dc-8314-0800200c9a66}:1.6.2
FF - prefs.js..extensions.enabledItems: {285da7e0-729d-11db-9fe1-0800200c9a66}:2.20091201
FF - prefs.js..extensions.enabledItems: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}:1.8.67
FF - prefs.js..extensions.enabledItems: {50931610-3d8e-11dd-ae16-0800200c9a66}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.4
FF - prefs.js..extensions.enabledItems: {5b175400-2368-11de-8c30-0800200c9a66}:1.9
FF - prefs.js..keyword.URL: "http://search.freeca...&type=61413&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@stonetrip.com/ShiVaWebPlayer,version=1.8.1.0: C:\Documents and Settings\Scott Lembke\Application Data\..\LocalLow\StoneTrip\WebPlayer1.8.1\npShiVa3D_1.8.1.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\intel.com/AppUp: C:\Program Files\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\Program Files\iWin Games\firefox\ [2011/04/15 06:09:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2007/10/20 08:28:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2011/09/30 07:04:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins [2011/09/30 07:04:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/28 10:53:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/30 07:04:47 | 000,000,000 | ---D | M]

[2009/11/02 17:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Extensions
[2009/11/02 17:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Extensions\[email protected]
[2011/12/07 10:21:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions
[2010/10/29 07:34:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/03 17:17:55 | 000,000,000 | ---D | M] (Tinseltown) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66}
[2009/07/03 05:59:37 | 000,000,000 | ---D | M] (zblack) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66}
[2010/03/07 13:53:24 | 000,000,000 | ---D | M] (Enchanted Island) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions\{5e558974-b2d6-4ee2-be14-cb56ab1a8626}
[2011/11/28 10:54:00 | 000,000,000 | ---D | M] (Playdom Community Toolbar) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}
[2011/11/28 10:54:22 | 000,000,000 | ---D | M] (Personas Rotator) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions\{6e73f6b7-b9ab-44b8-b744-6393e3c2e351}
[2011/03/15 20:21:15 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2011/12/06 22:12:47 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/12/04 16:16:01 | 000,000,000 | ---D | M] (Castle Age Community Toolbar) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions\{aac4043a-8832-4abe-9963-35377f30b8e6}
[2011/09/20 21:14:20 | 000,000,000 | ---D | M] (PitchDark) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2011/10/07 17:27:39 | 000,000,000 | ---D | M] (Google Redesigned) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}
[2010/05/29 10:27:16 | 000,000,000 | ---D | M] ("Better Gmail 2") -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions\[email protected]
[2011/03/22 16:11:33 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions\[email protected]
[2010/02/27 10:07:56 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions\[email protected]
[2011/08/21 13:45:27 | 000,000,000 | ---D | M] (Portalarium Player) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions\[email protected]
[2009/03/28 15:03:22 | 000,000,000 | ---D | M] (Solid State ION) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions\[email protected]
[2011/06/28 18:50:25 | 000,000,000 | ---D | M] ("SwiffOut") -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions\[email protected]
[2009/12/03 17:18:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66}\chrome\mozapps\extensions
[2009/12/03 17:18:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66}\chrome\mozapps\extensions\CVS
[2010/11/26 10:39:24 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\searchplugins\bing.xml
[2011/01/20 17:48:28 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Scott Lembke\Application Data\Mozilla\Firefox\Profiles\gq9tdqbh.default\searchplugins\search-the-web.xml
[2011/11/28 10:54:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\SCOTT LEMBKE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GQ9TDQBH.DEFAULT\EXTENSIONS\{84625510-7E5D-11E0-A411-0800200C9A66}.XPI
[2008/12/23 09:06:49 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/28 10:53:47 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/08/21 17:17:06 | 000,103,864 | ---- | M] (ASP) -- C:\Program Files\mozilla firefox\plugins\NPHoldemFireLauncher.dll
[2008/08/21 17:17:08 | 000,120,248 | ---- | M] (MGame) -- C:\Program Files\mozilla firefox\plugins\NPMFireLauncher.dll
[2006/05/13 10:18:23 | 000,024,576 | ---- | M] (MyWebSearch.com) -- C:\Program Files\mozilla firefox\plugins\NPMyWebS.dll
[2007/04/16 11:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2003/01/15 18:39:16 | 000,036,864 | ---- | M] (WildTangent) -- C:\Program Files\mozilla firefox\plugins\npWTHost.dll
[2009/07/02 10:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2011/10/31 09:38:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/28 10:53:47 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins\npMozCouponPrinter.dll
CHR - plugin: HoldemFireLauncher (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll
CHR - plugin: MFireLauncher (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPMFireLauncher.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: WildTangent Netscape Webdriver Host (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npWTHost.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: RealArcade Mozilla Plugin (Enabled) = C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Chrome Tips Beta (by Google) = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bdmbgfhokojnnaliemjgbahnfeggocpe\1.0.3_0\
CHR - Extension: Wargods Online = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\biliciflofhindalhonkpjompfdngohk\1.0.0_0\
CHR - Extension: Planeto Quiz = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\caekfgjhgmkgdhbiaikgdbpldepnkchg\1.0.4_0\
CHR - Extension: Progress Quest = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ccddjeibgbelbpofofplmfonkabpbnje\1_0\
CHR - Extension: Monster Dash = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cknghehebaconkajgiobncfleofebcog\2.2_0\
CHR - Extension: The Rise of Atlantis = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dcmgcfmfemlhoncahhnmhinceggddcnp\1.0.2.5_0\
CHR - Extension: AndroidZoon - Android Apps and Games = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dplpkbbkdaeabpegicpmkofbkbeginab\0.0.0.3_0\
CHR - Extension: The Godfather: Five Families = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\edfkoljdeffeedleidebkmmamepgbnbl\1.0_0\
CHR - Extension: Sports Scoreboard = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eoippgliebkkmjhjlgealjghjcknfdae\2.1_0\
CHR - Extension: A Space Shooter for FREE = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\epbeobdmeddlnkokfiaijkfabecpmifa\4_0\
CHR - Extension: Friv Arcade = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\feimnjkaalifjfcclfghbpaojnebfhib\1_0\
CHR - Extension: Full Screen Weather = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.1_0\
CHR - Extension: All Angry Birds = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fpppigpkfkcaemnocokbljcampoaiplc\1.7_0\
CHR - Extension: Pearl Heroes of the Three Kingdoms = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gfejipfdgbkbadlcfcjjdpnhiajndaag\4_0\
CHR - Extension: Planetarium = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp\1.1.1_0\
CHR - Extension: Bubble Shooter = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hpakbhbnhkbghdcejiiangcefallmaln\2.0_0\
CHR - Extension: World of Solitaire = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifbnllnaaaohekjkcpfdllhhjijnidgn\1.0.1_0\
CHR - Extension: Penguin Slice = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldgbfokohncfibafgjmkdckoggfeceoe\1.2.9_0\
CHR - Extension: Contract Killer = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\meklndaflopgghbomkdpofehonfclipi\1.1.1_0\
CHR - Extension: Mahjong Solitaire = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc\1.0.0.0_0\
CHR - Extension: Weather Underground = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej\1.2_0\
CHR - Extension: Gmail = C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2011/12/09 17:18:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\RunOnce: [InstallShieldSetup] C:\Program Files\InstallShield Installation Information\{C2425F91-1F7B-4037-9A05-9F290184798D}\setup.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNA3100\WNA3100.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony...ct/VaioInfo.CAB (VaioInfo.CMClass)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab40641.cab (StagingUI Object)
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} http://www.albatross...m/cabs/A18X.ocx (A18X Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Mystery%20Stories%20-%20Island%20of%20Hope/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=48835 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://www.pcpitstop...cpConnCheck.cab (iCC Class)
O16 - DPF: {1B30282C-970F-4DCC-97D1-1714277525C1} http://profile.homes....0_HOMESCAN.cab (NMInstall Control)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} https://www-secure.s...rl/LSSupCtl.cab (LSSupCtl Class)
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} http://h20270.www2.h...staller_gmn.cab (VerifyGMN Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://dl.boston.run....com/wficat.cab (Citrix ICA Client)
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} http://gamingzone.ub...s/GSManager.cab (CoGSManager Class)
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125B85} http://www.retro64.c...s/r64loader.cab (CR64Loader Object)
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} http://us.chat1.yimg...v45/yacscom.cab (Yahoo! Audio Conferencing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} http://musicstore.co...ALStreaming.cab (MALPlaybackCtrl Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...DC_2.3.0.97.cab (Reg Error: Key error.)
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} http://install.wildt...iveLauncher.cab (WildTangent Active Launcher)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab32846.cab (ZoneBuddy Class)
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} http://www.shockwave...bGameLoader.cab (WebGameLoader Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {40AC0F29-DF27-4711-B279-48B1F83A66AB} http://kraisoft.com/...ne/aquacade.cab (AtlBoxWordCtlAttrib Class)
O16 - DPF: {47CEF84E-92D8-4C4A-86D7-CB982889DCC0} http://mp1.mplay.obe...nt/flashnet.cab (Oberon Media Network Optimizer)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp...ads/sysinfo.cab (SysData Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by106fd.bay10...es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective....torLauncher.cab (Keynote Connector Launcher 2)
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} http://www.slide.com...ageUploader.cab (Slide Image Uploader Control)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab32846.cab (ZonePAChat Object)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} http://www.shockwave...h2.1.0.0.53.cab (CPlayFirstDinerDash2Control Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1120790234984 (MUWebControl Class)
O16 - DPF: {70647AB5-18FD-4142-82B0-5852478DD0D4} http://xms.keynote.c...torLauncher.cab (Keynote Connector Launcher)
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} https://www.gamespyid.com/alaunch.cab (GSDACtl Class)
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} http://chat.yahoo.com/cab/yacsui.cab (Yahoo! Audio UI1)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://real.gamehous...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} http://www.shockwave...bugs/axhost.cab (WildfireActiveXHost Class)
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} http://38.112.40.106...1/bl_camera.cab (Bl_camera Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8DB0B6FB-914F-41DE-B89E-35D80F378640} http://kraisoft.com/...e/abcisland.cab (AtlBoxWordCtlAttrib Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {93EFDAB8-8800-4896-B428-76F943140E1B} http://consumerinput...ppy/dcainst.cab (Setup Class)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.co...nstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} http://ares.netgame....ch_USAv1002.cab (MGLaunch_USAv1001 Class)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/...he.cab43895.cab (ZPA_TexasHoldem Object)
O16 - DPF: {AB1AB4F8-C30F-4FB4-A030-1C9F5513831F} http://media.grab.co...gameloader6.cab (LREGameLoaderCtrl Class)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://zone.msn.com/...ro.cab34246.cab (ZoneIntro Class)
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} http://209.67.146.68.../ACNePlayer.cab (ACNPlayer2 Class)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game09.zylom....gamesplayer.cab (Zylom Games Player)
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} http://a532.g.akamai...0/Installer.exe (Virtools WebPlayer Class)
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} http://zone.msn.com/...ol.cab36107.cab (CBankshotZoneCtrl Class)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Vegas%20Heist/Images/armhelper.ocx (Reg Error: Key error.)
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} http://gamedownload....GPlugin9USA.cab (HGPlugin9USA Class)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://zone.msn.com/...outLauncher.cab (SproutLauncherCtrl Class)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebo...Uploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://zone.msn.com/...d/UnSkin/gf.cab (TikGames Online Control)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab41227.cab (StadiumProxy Class)
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} http://zone.msn.com/...WebLauncher.cab (SCEWebLauncherCtl Object)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://148.213.21.243/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://real.gamehous...opcaploader.cab (Reg Error: Key error.)
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/z...s/heartbeat.cab (HeartbeatCtl Class)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.co.../MathPlayer.cab (Pearson MathXL Player)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.c...driveragent.cab (Driver Agent ActiveX Control)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.h.../qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} http://www.clickteam...e3/vitalize.cab (Reg Error: Key error.)
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} http://games.pogo.co...ameLauncher.cab (Playtime Games Launcher)
O16 - DPF: {F992FDC0-DAA7-4774-B01C-E9DFF19FE0FE} http://online.invoke...7206/MILive.cab (Invoke Solutions MILive Participant Control(MR))
O16 - DPF: {FEF89F19-213D-4393-B739-AAC6876C147C} http://www.livetest....ivetest_bar.cab (VeriTest LiveTest Bar Activate)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/...on.cab36385.cab (ZPA_Backgammon Object)
O16 - DPF: PCPitstop-Tracks-Checker http://pcpitstop.com...y/PCPTracks.cab (Reg Error: Key error.)
O16 - DPF: RaptisoftGameLoader http://www.raptisoft...tgameloader.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B53F67C-A70F-4B8A-ACB0-E94E98853E2A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\WINDOWS\system32\logonuiX.exe) -C:\WINDOWS\system32\logonuiX.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WBSrv: DllName - (C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll) - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/26 16:17:06 | 000,000,646 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ]
O32 - AutoRun File - [2005/07/08 20:03:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.111 -- [ NTFS ]
O32 - AutoRun File - [2004/12/01 13:43:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/07/08 20:03:25 | 000,000,216 | ---- | M] () - C:\AUTOEXEC.BTM -- [ NTFS ]
O32 - AutoRun File - [2008/02/21 18:43:08 | 000,358,248 | R--- | M] (NETGEAR Inc.) - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/05/29 02:27:40 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/12/09 17:34:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/12/09 17:32:09 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2011/12/09 17:32:09 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2011/12/09 17:32:09 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2011/12/09 15:53:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Yahoo
[2011/12/09 15:53:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2011/12/09 15:53:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2011/12/08 16:12:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/08 16:06:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/08 16:06:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/08 16:06:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/08 16:06:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/08 16:05:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/08 16:05:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/07 14:52:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/12/07 07:23:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/12/06 10:35:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NCsoft
[2011/12/06 08:57:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott Lembke\Application Data\NVIDIA
[2011/12/06 08:29:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott Lembke\Application Data\Ventrilo
[2011/12/06 08:27:49 | 001,039,979 | ---- | C] (Jan Kolarik & Ondrej Vaverka) -- C:\WINDOWS\GameHouse Holiday Screensaver.scr
[2011/12/06 08:27:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\GameHouse Holiday Screensaver Uninstaller
[2011/12/06 08:27:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ventrilo
[2011/12/06 08:27:24 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2011/12/06 08:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011/12/06 06:26:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/12/06 06:24:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/12/06 06:16:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/12/06 06:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/11/29 19:44:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\World of Warcraft
[2011/11/29 17:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[2011/11/18 05:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2005/06/06 15:06:15 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

========== Files - Modified Within 30 Days ==========

[2011/12/09 17:41:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/09 17:35:28 | 000,444,494 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/09 17:35:28 | 000,072,370 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/09 17:32:07 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk
[2011/12/09 17:32:07 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WNA3100 Smart Wizard.lnk
[2011/12/09 17:26:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/12/09 17:18:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/09 17:18:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/09 17:18:21 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/09 17:18:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/09 17:17:56 | 3085,746,176 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/09 16:25:34 | 000,000,406 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F14F3AA3-99C7-4134-B669-5787FD707243}.job
[2011/12/09 16:09:06 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2346052729-578072215-3671603298-1005UA.job
[2011/12/08 16:37:10 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/08 16:12:23 | 000,000,333 | RHS- | M] () -- C:\boot.ini
[2011/12/08 12:22:10 | 000,079,872 | ---- | M] () -- C:\WINDOWS\System32\1T620675.com_
[2011/12/08 12:22:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\1T620675.com.b
[2011/12/08 11:09:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2346052729-578072215-3671603298-1005Core.job
[2011/12/08 08:22:54 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1S778D.dat
[2011/12/07 12:25:57 | 000,000,216 | ---- | M] () -- C:\Boot.bak
[2011/12/07 11:19:04 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2011/12/07 06:57:11 | 000,001,715 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Holiday Bonus.lnk
[2011/12/07 06:56:43 | 000,001,877 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Delicious Emilys True Love Premium Edition.lnk
[2011/12/06 10:37:13 | 000,001,775 | ---- | M] () -- C:\Documents and Settings\Scott Lembke\Desktop\Lineage II.lnk
[2011/12/06 10:35:39 | 000,001,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NCsoft Launcher.lnk
[2011/12/06 08:27:29 | 000,000,262 | ---- | M] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/12/06 08:27:27 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[2011/12/06 06:26:09 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/06 06:22:21 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/02 13:41:02 | 001,173,022 | ---- | M] () -- C:\Documents and Settings\Scott Lembke\My Documents\google-reader-shortcuts-new.pdf
[2011/12/01 15:32:34 | 001,039,979 | ---- | M] (Jan Kolarik & Ondrej Vaverka) -- C:\WINDOWS\GameHouse Holiday Screensaver.scr
[2011/11/30 23:19:04 | 000,000,024 | ---- | M] () -- C:\WINDOWS\LogonStudio.ini
[2011/11/30 23:18:58 | 000,163,712 | ---- | M] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2011/11/24 11:12:12 | 000,306,184 | ---- | M] () -- C:\Documents and Settings\Scott Lembke\My Documents\HPIM0359.JPG
[2011/11/21 19:34:48 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/11/21 13:46:25 | 000,285,176 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/11/21 13:46:25 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/11/21 13:24:39 | 000,242,268 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/11/18 23:10:01 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\Scott Lembke\Desktop\Google Chrome.lnk
[2011/11/18 23:10:01 | 000,002,315 | ---- | M] () -- C:\Documents and Settings\Scott Lembke\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/18 05:43:30 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/16 18:02:47 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/16 17:17:52 | 001,605,009 | ---- | M] () -- C:\Documents and Settings\Scott Lembke\My Documents\gmail-guide.pdf
[2011/11/16 17:16:56 | 002,317,148 | ---- | M] () -- C:\Documents and Settings\Scott Lembke\My Documents\MakeUseOf.com_-_Speak_Internet_xHTML.pdf
[2011/11/16 17:13:11 | 003,022,940 | ---- | M] () -- C:\Documents and Settings\Scott Lembke\My Documents\MakeUseOf.com_-_Ubuntu_Old_Computer_New_Life.pdf
[2011/11/16 17:12:23 | 002,118,695 | ---- | M] () -- C:\Documents and Settings\Scott Lembke\My Documents\MakeUseOf.com_-_Android_Guide.pdf
[2011/11/13 16:07:10 | 000,001,062 | ---- | M] () -- C:\Documents and Settings\Scott Lembke\Desktop\Get More Games at PlayFirst.com.lnk
[2011/11/13 16:07:10 | 000,000,906 | ---- | M] () -- C:\Documents and Settings\Scott Lembke\Desktop\Diner Dash - Flo on the Go.lnk

========== Files Created - No Company Name ==========

[2011/12/09 17:32:09 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2011/12/09 15:21:50 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk
[2011/12/08 16:12:19 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/08 16:06:10 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/08 16:06:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/08 16:06:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/08 16:06:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/08 16:06:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/08 12:49:19 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\1T620675.com_
[2011/12/08 12:22:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\1T620675.com.b
[2011/12/08 08:22:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1S778D.dat
[2011/12/07 06:57:11 | 000,001,715 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Holiday Bonus.lnk
[2011/12/07 06:56:43 | 000,001,877 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Delicious Emilys True Love Premium Edition.lnk
[2011/12/06 10:37:13 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\Scott Lembke\Desktop\Lineage II.lnk
[2011/12/06 10:35:39 | 000,001,669 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NCsoft Launcher.lnk
[2011/12/06 08:27:27 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[2011/12/06 08:26:59 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/12/06 06:26:09 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/02 13:41:02 | 001,173,022 | ---- | C] () -- C:\Documents and Settings\Scott Lembke\My Documents\google-reader-shortcuts-new.pdf
[2011/11/29 17:09:49 | 000,000,751 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2011/11/22 05:57:13 | 3085,746,176 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/21 19:34:48 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/11/18 05:43:30 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/16 17:17:52 | 001,605,009 | ---- | C] () -- C:\Documents and Settings\Scott Lembke\My Documents\gmail-guide.pdf
[2011/11/16 17:16:56 | 002,317,148 | ---- | C] () -- C:\Documents and Settings\Scott Lembke\My Documents\MakeUseOf.com_-_Speak_Internet_xHTML.pdf
[2011/11/16 17:13:11 | 003,022,940 | ---- | C] () -- C:\Documents and Settings\Scott Lembke\My Documents\MakeUseOf.com_-_Ubuntu_Old_Computer_New_Life.pdf
[2011/11/16 17:12:23 | 002,118,695 | ---- | C] () -- C:\Documents and Settings\Scott Lembke\My Documents\MakeUseOf.com_-_Android_Guide.pdf
[2011/11/13 16:07:10 | 000,000,906 | ---- | C] () -- C:\Documents and Settings\Scott Lembke\Desktop\Diner Dash - Flo on the Go.lnk
[2011/10/05 14:58:35 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/09/10 21:21:03 | 000,000,969 | ---- | C] () -- C:\WINDOWS\System32\msexcr.ini
[2011/06/13 18:47:36 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/12/19 16:50:08 | 000,242,268 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/12/19 16:49:49 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/12/19 16:49:49 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/11/19 23:50:48 | 000,143,768 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/10 19:57:09 | 000,000,058 | -H-- | C] () -- C:\WINDOWS\popcreg.dat
[2010/10/10 19:57:09 | 000,000,020 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/09/21 17:27:42 | 000,030,424 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2010/07/10 05:38:00 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/05/29 18:15:07 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/02 20:47:47 | 000,000,096 | -H-- | C] () -- C:\WINDOWS\System32\HsInfo.dat
[2008/12/23 08:04:06 | 000,008,325 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\profiles.xml
[2008/08/21 14:39:04 | 000,066,482 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/07/26 07:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/07/19 14:47:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe
[2008/04/13 16:36:13 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2008/03/01 07:56:54 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2007/11/23 09:52:01 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2007/10/10 13:03:41 | 000,000,148 | ---- | C] () -- C:\WINDOWS\clientshell.INI
[2007/09/30 10:43:15 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\LIBMYSQL.DLL
[2007/05/26 10:32:28 | 000,026,288 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2006/12/25 11:12:23 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LAME_MP3.dll
[2006/12/25 11:12:11 | 000,065,024 | ---- | C] () -- C:\WINDOWS\IFinst26.exe
[2006/12/19 16:07:12 | 000,007,522 | ---- | C] () -- C:\WINDOWS\langorig.ini
[2006/12/07 17:43:39 | 000,000,689 | ---- | C] () -- C:\WINDOWS\GMUD32.INI
[2006/11/08 07:57:10 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/11/08 07:57:10 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/10/23 13:42:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006/09/28 00:13:38 | 000,015,921 | ---- | C] () -- C:\Documents and Settings\Scott Lembke\Application Data\.googlewebacchosts
[2006/09/07 04:29:29 | 000,000,078 | ---- | C] () -- C:\WINDOWS\savers.ini
[2006/08/11 11:15:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\ToonClock.ini
[2006/07/29 16:31:57 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV65.sys
[2006/07/07 21:17:14 | 000,290,816 | -H-- | C] () -- C:\WINDOWS\System32\MSVRCT1.DLL
[2006/07/02 09:02:15 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\.mpid
[2006/06/18 11:49:53 | 000,000,050 | ---- | C] () -- C:\WINDOWS\IrisAPE.ini
[2006/06/16 17:16:17 | 000,243,788 | -H-- | C] () -- C:\WINDOWS\System32\MSVRCTDR.dll
[2006/06/16 17:16:17 | 000,098,304 | -H-- | C] () -- C:\WINDOWS\System32\MSVRCTD.DLL
[2006/06/13 17:16:19 | 000,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2006/06/13 17:15:59 | 000,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
[2006/06/13 17:11:54 | 000,163,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2006/06/12 13:47:55 | 000,000,316 | ---- | C] () -- C:\WINDOWS\bbbconfig.dat
[2006/06/11 14:47:33 | 000,000,155 | ---- | C] () -- C:\WINDOWS\wb.ini
[2006/06/10 07:32:16 | 000,345,088 | ---- | C] () -- C:\WINDOWS\System32\ShrLk21.dll
[2006/05/26 16:47:26 | 000,000,004 | ---- | C] () -- C:\WINDOWS\ntvdn.dll
[2006/04/16 20:43:22 | 000,080,384 | ---- | C] () -- C:\WINDOWS\gamedelete.exe
[2006/04/02 00:20:12 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2006/03/24 23:33:55 | 000,000,069 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/03/08 19:01:42 | 000,000,069 | ---- | C] () -- C:\WINDOWS\livetest_bar.ini
[2006/03/04 18:38:55 | 000,219,046 | ---- | C] () -- C:\WINDOWS\uninstall windowswasherss.exe
[2006/03/04 18:37:47 | 000,219,046 | ---- | C] () -- C:\WINDOWS\uninstall XP Icon Wars by Lady Di.exe
[2006/03/04 18:35:43 | 000,219,046 | ---- | C] () -- C:\WINDOWS\uninstall Smooth Sailing By Lady Di.exe
[2006/03/04 18:33:50 | 000,166,806 | ---- | C] () -- C:\WINDOWS\uninstall What Dreams May Come.exe
[2006/03/04 15:40:43 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/02/20 11:39:56 | 000,001,448 | ---- | C] () -- C:\WINDOWS\npdor.ini
[2006/01/10 18:42:39 | 000,000,674 | ---- | C] () -- C:\WINDOWS\CheckIt.INI
[2005/12/30 18:16:38 | 000,000,059 | ---- | C] () -- C:\WINDOWS\LTRDF14N.INI
[2005/12/30 18:03:53 | 000,000,042 | ---- | C] () -- C:\WINDOWS\PCSPATS.DAT
[2005/12/27 15:35:15 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/12/27 15:35:06 | 000,005,107 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/12/24 21:28:51 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/10/20 10:35:46 | 000,003,717 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/10/19 19:41:46 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/10/19 19:41:46 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/08/29 14:49:08 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/08/27 19:02:52 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2005/08/06 21:36:15 | 000,000,018 | ---- | C] () -- C:\WINDOWS\gfact.ini
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 18:24:53 | 000,000,652 | ---- | C] () -- C:\WINDOWS\wwwconfig.dat
[2005/07/28 20:33:20 | 000,000,057 | ---- | C] () -- C:\WINDOWS\GUIDIN~1.ini
[2005/07/28 20:32:20 | 000,000,057 | ---- | C] () -- C:\WINDOWS\RETURN~1.ini
[2005/07/24 14:11:40 | 000,000,160 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2005/07/08 19:43:27 | 000,000,110 | ---- | C] () -- C:\WINDOWS\hodjpodj.ini
[2005/07/04 15:52:33 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2005/07/04 15:52:33 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2005/07/04 15:52:33 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2005/07/04 14:13:42 | 000,000,026 | ---- | C] () -- C:\WINDOWS\WAR2R.INI
[2005/07/01 19:28:26 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/07/01 17:28:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/06/09 13:15:21 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Scott Lembke\Application Data\wklnhst.dat
[2005/06/03 21:40:15 | 000,000,158 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/06/03 20:30:20 | 000,000,386 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/05/26 18:39:36 | 000,100,724 | ---- | C] () -- C:\WINDOWS\cpeins04.dat
[2005/05/25 18:34:17 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\Gksui16.exe
[2005/05/24 16:46:23 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2005/05/21 19:06:37 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Scott Lembke\Local Settings\Application Data\fusioncache.dat
[2005/05/21 18:53:32 | 000,104,253 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2005/05/21 18:53:32 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2005/02/22 18:40:51 | 000,002,150 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/02/22 18:35:12 | 000,000,225 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/02/22 18:34:07 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/02/22 18:34:07 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/02/22 18:34:07 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/02/22 18:34:07 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/02/22 18:34:07 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/02/22 18:34:07 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/02/22 18:33:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/22 18:28:50 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2004/12/20 11:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 11:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/12/01 16:35:28 | 000,606,208 | ---- | C] () -- C:\WINDOWS\System32\lpykrp.exe
[2004/12/01 15:43:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/01 15:16:58 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/12/01 15:16:58 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2004/12/01 15:16:58 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtkHDAud.dat
[2004/12/01 14:49:14 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\elcric.dat
[2004/12/01 13:51:57 | 000,000,811 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/12/01 13:45:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/12/01 13:40:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/12/01 12:29:23 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/12/01 12:28:46 | 000,000,790 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/12/01 12:28:15 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/12/01 12:28:13 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/12/01 12:28:13 | 000,444,494 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/12/01 12:28:13 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/12/01 12:28:13 | 000,072,370 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/12/01 12:28:13 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/12/01 12:28:13 | 000,004,530 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/12/01 12:28:12 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/12/01 12:28:09 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/12/01 12:28:09 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/12/01 12:28:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/12/01 12:28:01 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/12/01 05:35:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/12/01 05:34:29 | 000,234,368 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/04/04 11:59:08 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ACNePlayer.dll
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/12 15:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2002/04/02 19:08:34 | 000,311,108 | ---- | C] () -- C:\WINDOWS\ml-cleanup.exe
[2002/03/14 11:00:26 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[1998/08/16 04:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== LOP Check ==========

[2007/03/02 14:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\55-66-66-pr-50-3o
[2010/09/18 08:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi
[2009/02/11 09:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2011/06/10 13:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarSouthpoint
[2011/04/01 20:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aliasworlds
[2009/03/23 09:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ashtons Family Resort
[2008/03/27 08:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astar Games
[2011/06/14 08:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avalon-Legends-Solitaire
[2011/05/05 18:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
[2007/11/27 11:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Christmasville
[2009/02/11 09:10:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DivoGames
[2010/11/22 20:29:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Drivers.com
[2006/04/18 15:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA
[2009/01/06 17:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eGames
[2007/08/22 09:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
[2010/12/16 15:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2010/04/08 14:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_America
[2011/05/15 18:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Russia
[2008/04/02 12:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fashion Solitaire 1.2
[2009/09/09 18:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fillup
[2008/06/25 08:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fitn17
[2010/02/27 09:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2007/05/16 13:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FloodLightGames
[2008/07/31 05:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2011/08/05 06:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2006/05/20 22:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameBlend
[2010/03/10 07:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2011/09/23 15:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GamesCampus
[2009/09/12 19:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\game_fillup_v2_usa
[2008/02/05 06:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
[2008/06/24 11:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2011/12/07 10:31:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grey Alien Games
[2011/09/18 12:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2011/08/04 09:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitPoint Studios
[2010/12/20 10:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hot Lava Games
[2010/11/27 11:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ijjigame
[2011/08/04 12:40:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2010/12/20 10:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Islands
[2008/12/09 18:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
[2011/04/15 06:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2010/10/10 08:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2008/02/07 14:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kayo Games
[2011/02/24 06:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kristanix Games
[2007/08/30 13:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Legacy Interactive
[2008/06/25 07:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2009/07/19 17:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Marginal Team
[2009/06/16 17:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mean Hamster
[2009/10/22 17:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2010/04/09 19:13:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2008/02/20 13:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MonteCristo
[2005/08/06 08:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2011/04/02 21:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2011/02/01 18:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MysteryChronicles
[2007/04/11 08:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2008/09/02 14:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2011/08/22 08:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NevoSoft Games
[2011/09/10 21:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2009/09/29 13:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2008/09/16 16:45:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
[2011/07/30 10:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Outspark
[2011/12/09 14:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/12/06 06:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat
[2005/07/02 21:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2011/08/01 08:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Play
[2011/08/24 13:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2011/07/25 08:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2006/11/01 17:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayTime
[2011/09/23 08:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/04/11 07:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
[2005/05/22 20:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/10/10 19:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/11/18 21:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\rionix
[2007/10/20 08:28:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2011/08/24 13:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/04/07 11:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Shockwave
[2005/11/19 21:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SkillJam
[2009/05/18 16:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Slapdash Games
[2005/07/24 14:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Softdisk LLC
[2008/04/04 16:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2007/12/29 10:23:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTopV1004
[2009/01/30 10:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SugarGames
[2011/08/04 09:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperRanch
[2008/07/30 09:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Revills Games
[2011/01/16 11:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2008/01/11 10:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2008/08/22 18:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/05/01 05:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/12/16 09:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wrinkle-free Games
[2007/08/30 12:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2011/12/06 06:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2007/09/16 19:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\.gaim
[2005/06/04 14:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\absolutist.com
[2010/09/18 08:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\AGI
[2006/12/04 16:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\aignes
[2011/06/10 13:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\AlawarSouthpoint
[2011/04/01 20:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\aliasworlds
[2011/07/25 11:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Anarchy
[2008/10/21 06:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\BFG_JanesRealty
[2010/12/30 08:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Big Fish Games
[2009/03/05 18:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\BitCometLite
[2011/07/30 11:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\BitTorrent
[2009/09/05 09:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\BitZipper
[2011/05/05 19:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\blg
[2011/07/25 08:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Daedalic Entertainment
[2011/09/24 08:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Dekovir
[2011/05/07 10:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\DivoGames
[2006/04/18 20:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\EA
[2005/09/02 17:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\eGames
[2011/07/30 10:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\eMusic
[2008/01/01 12:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Eyeblaster
[2009/06/13 13:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Faerie Solitaire
[2010/03/01 06:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Flood Light Games
[2010/08/12 15:31:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\FOG Downloader
[2007/10/06 14:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\ForgottenRiddles
[2011/12/07 12:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Free Download Manager
[2011/02/01 16:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Friday's games
[2011/05/24 06:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\funkitron
[2006/05/20 22:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\GameBlend
[2009/01/08 17:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\GameInvest
[2008/12/13 13:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Gamelab
[2010/05/30 17:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\GamesCafe
[2009/01/17 09:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\GarageGames
[2010/08/03 18:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\GetRightToGo
[2010/11/27 08:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\GTM_Bodie
[2011/09/19 13:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Hephaestus
[2011/03/23 05:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Hotdog Hotshot
[2010/02/01 11:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\ijjigame
[2011/01/30 09:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\InImages
[2005/05/21 18:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\InterMute
[2006/12/19 15:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\iScreensaver
[2009/05/16 20:49:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\ITTerritory
[2008/03/16 20:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\iWin
[2011/08/07 18:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Janes Realty2
[2005/06/21 16:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Keynote Systems
[2011/11/05 20:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Kutawaves Game
[2005/11/15 22:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Leadertech
[2010/04/06 21:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\LimeWire
[2005/07/30 15:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\LRE Web Games
[2008/03/29 00:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Ludia
[2009/10/22 17:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Merscom
[2006/01/24 21:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Mind Control Software
[2011/07/23 15:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Mystery of Mortlake Mansion
[2009/09/29 13:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\NeopleLauncherDFO
[2006/08/14 08:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\NHN Corporation
[2008/07/12 14:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\OverDrive
[2010/07/11 11:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Peace Craft
[2011/04/25 07:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\PeaceCraft2
[2011/08/31 08:11:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\PeaceCraft3
[2011/05/29 14:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Ph03nixNewMedia
[2011/11/13 16:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\PlayFirst
[2011/07/21 20:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\playmink
[2011/03/12 13:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Playrix Entertainment
[2008/07/02 20:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\PSGame
[2005/10/07 19:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Raptisoft
[2009/04/17 18:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\RdrSoftHope
[2005/11/25 23:13:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Retro64 Computer Games
[2011/10/24 18:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\RIFT
[2010/04/24 15:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\runic games
[2011/08/27 10:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Sony Online Entertainment
[2009/01/17 12:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Spellborn Downloader
[2011/10/06 12:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\spiral
[2011/12/05 15:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Spotify
[2011/11/03 16:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\StoneTrip
[2011/09/08 19:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\SystemRequirementsLab
[2006/03/04 17:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Template
[2010/01/19 20:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Trillian
[2010/11/19 19:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\TS3Client
[2009/09/30 01:04:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Turbine
[2011/07/07 16:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Unity
[2005/11/19 01:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\uqm
[2008/07/05 10:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\VTExtra
[2011/10/05 15:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Webshots
[2010/09/18 08:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\WebshotsDailyFeatures.D47BD63EE77CC0AC7AE23BFA386A3F1EDA7C080D.1
[2005/08/27 20:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\Wildfire
[2008/03/22 22:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\WildTangent
[2008/10/31 22:51:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\X-Chat 2
[2010/05/14 22:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\yoclient
[2009/07/17 14:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott Lembke\Application Data\YoudaGames
[2011/12/09 16:25:34 | 000,000,406 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F14F3AA3-99C7-4134-B669-5787FD707243}.job

========== Purity Check ==========



< End of report >
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Just some orphans to remove now

Once these runs have completed can you let me know what problems remain

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/12/08 12:49:19 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\1T620675.com_
    [2011/12/08 12:22:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\1T620675.com.b
    [2011/12/08 08:22:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1S778D.dat

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#13
JScottL

JScottL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Well now when I do the OTL like you said it goes all the way which says on the bar 'Processing complete!' And the red bar is all the way to the end(right side) and nothing is happening. Even the computer is quiet and doing nothing. What should I do??? Thank you.
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Manually reboot and then run MBAM please - then let me know if the computer is behaving itself
  • 0

#15
JScottL

JScottL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Here is the MBAM report only since we did not get a report OTL because of reboot. The computer seems to be running very well now. :thumbsup:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8348

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/10/2011 1:23:52 PM
mbam-log-2011-12-10 (13-23-52).txt

Scan type: Quick scan
Objects scanned: 252087
Time elapsed: 6 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\scott lembke\my documents\downloads\103168.exe (Adware.Relevant) -> Quarantined and deleted successfully.
c:\documents and settings\scott lembke\my documents\downloads\Winter.exe (Adware.Relevant) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP