Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Can't run .exe files or any system programs [Solved]

Started by Audaciter , Sep 21 2012 07:07 PM

  • This topic is locked This topic is locked

#1
Audaciter
Posted 21 September 2012 - 07:07 PM

Audaciter

    Member

  • Member
  • PipPip
  • 12 posts
System also isn't recognizing .bat. The computer is running Windows XP

I've been working on this for a while. It's my dad's computer, and he didn't have any anti-virus program running. Nothing on the computer was working correctly. I couldn't even open notepad or a command prompt. I ran two rescue programs that boot to linux and scan -- Dr. Web Live and AVG. They both found several infections and removed them, but the computer still wouldn't work correctly, and I couldn't install anything and run it.

I did get the internet working, and I was able to run eset's online scanner. It again found infections and removed them, but the computer has still disabled most file extensions. I then removed the hard drive and scanned it with another computer using emsisoft's emergency scanner. It removed more infections, but the computer still wouldn't run anything.

Right now, the programs that show up in the start menu are being viewed by the system as .pdf (meaning they have the Acrobat icon next to them), including system restore, notepad, windows messenger, and the programs I've downloaded to try to restore the registry.

I found some instructions for the Doug Knox fix, but I wasn't able to use it on this computer. If there is a way to use it with the hard drive plugged into a dock and attached to another computer, I could try correcting it that way, but I don't know how to do it.

I also tried using rkill and exehelper available at http://www.geekstogo...t-run-tutorial/
No luck.

I also manually went through the Windows and system32 folders and removed a few programs after looking them up on a few different sites. One was a program designed to convert anything to a pdf, so I guessed that that had something to do with the behavior of the malware, and another one called twunk_32 or something like that. I doubt this information really matters, but I'm trying to be thorough.

I would really appreciate someone's help. I could re-install windows, but at this point I'm taking it a little personally that I can't fix this thing.

Edited by Audaciter, 21 September 2012 - 08:59 PM.

  • 0

Advertisements

#2
Essexboy
Posted 22 September 2012 - 04:37 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I can understand the determination not to be beaten .. So lets see if we can beat this together

This verison of OTL runs a screensaver, so to get it to your desktop you will need to right click the link and select save as to your desktop. If this fails are you able to use another computer to burn a CD ?

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    Posted Image
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#3
Audaciter
Posted 22 September 2012 - 06:50 AM

Audaciter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
That didn't work.

I forgot to mention that when I go to help forums like geekstogo on that computer, a large black square appears over top of the browser
window to try to prevent me from seeing what is displayed. I was still able to follow the link in this case by stopping the page from
loading just before it loaded completely, but I thought that might be worth mentioning. The malware also automatically links the word "Download" anywhere it appears to
a site that is set up to look as if it is affiliated with IBM. So in your reply to me, the word "Download" was linked to that site. I can
see on my good computer that you didn't intend it that way.

I can burn to a cd. Would you like me to burn OTL to a cd?
  • 0

#4
Essexboy
Posted 22 September 2012 - 06:56 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yep lets do it that way

Please print these instruction out so that you know what you are doing

  • Download OTLPENet.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0

#5
Audaciter
Posted 22 September 2012 - 07:40 AM

Audaciter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Do I still need to paste:
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
/md5stop
CREATERESTOREPOINT

into a custom scan box when running it this way?
  • 0

#6
Essexboy
Posted 22 September 2012 - 07:42 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If you could do that it would be a bonus :)
  • 0

#7
Audaciter
Posted 22 September 2012 - 08:19 AM

Audaciter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
The program did not ask me for a location or anything about loading the remote registry. It did ask me which user I would like to run as and I chose Administrator. Here is the log. Thanks for your help:

OTL logfile created on: 9/22/2012 11:07:02 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 93.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 55.62 Gb Free Space | 74.66% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - [2012/09/20 20:06:31 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/29 10:32:32 | 000,107,520 | ---- | M] () [Auto] -- C:\Documents and Settings\amy\Application Data\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2012/07/17 15:18:00 | 000,562,688 | ---- | M] () [Auto] -- C:\Program Files\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | Boot] -- -- (cerc6)
DRV - [2010/06/24 18:53:04 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2010/02/03 11:21:56 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/11/06 08:26:36 | 000,642,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
DRV - [2006/05/10 16:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE BA F4 D6 2B 90 CD 01 [binary data]
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\amy_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\amy_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\amy_ON_C\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\amy_ON_C\..\URLSearchHook: {f122b94e-0c50-13c4-c9d3-893faefad90b} - C:\Program Files\Shop to Win 27\Helper.dll ()
IE - HKU\amy_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2012/02/05 12:46:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Qwiklinx) - {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Documents and Settings\amy\Application Data\Qwiklinx\Qwiklinx.dll (Qwiklinx, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\amy\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Shop to Win) - {EE146ACC-D881-1414-2148-B1D008B47ADB} - File not found
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\amy_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [DATAMNGR] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\amy_ON_C..\Run: [Shop To Win] C:\Program Files\Shop To Win\ShopToWin.exe (Jackpot Rewards)
O4 - HKU\Administrator_ON_C..\RunOnce: [FlashPlayerUpdate] File not found
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\amy_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.0.cab (DLM Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/09 15:09:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
O37 - HKLM\...exe [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/09/22 08:40:01 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\amy\Desktop\OTL.scr
[2012/09/21 20:16:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\peernet
[2012/09/21 18:35:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/21 16:05:55 | 005,077,368 | ---- | C] (ParetoLogic, Inc.) -- C:\Documents and Settings\amy\Desktop\RegCureProSetup_RW.bat
[2012/09/21 15:59:42 | 004,983,144 | ---- | C] (SpeedyPC Software) -- C:\Documents and Settings\amy\Desktop\SpeedyPC Pro Installer.com
[2012/09/21 15:46:58 | 004,983,144 | ---- | C] (SpeedyPC Software) -- C:\Documents and Settings\amy\Desktop\exerepair.bat
[2012/09/20 20:06:23 | 009,573,296 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2012/09/20 20:02:44 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/09/13 12:29:43 | 129,728,496 | ---- | C] (Emsisoft GmbH ) -- C:\Documents and Settings\Administrator\Desktop\WebVaccineSetup.exe
[2012/09/13 12:07:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
[2012/09/13 12:07:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2012/09/12 18:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\amy\Desktop\Emergency Scanner
[2012/09/11 13:44:47 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/09/10 15:26:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2012/09/10 15:25:43 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2012/09/10 15:25:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2012/09/10 15:25:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2012/09/10 15:25:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2012/09/10 15:25:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2012/09/10 15:25:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2012/09/10 15:25:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2012/09/10 15:25:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2012/09/10 15:25:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2012/09/10 15:25:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/09/10 15:25:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2012/09/10 15:25:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2012/09/10 15:25:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2012/09/10 15:25:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents
[2012/09/10 15:25:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2012/09/10 15:25:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2012/09/10 15:25:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2012/09/10 15:25:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites
[2012/09/10 15:25:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2012/09/10 15:25:16 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/08/29 10:35:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
[2012/08/29 10:34:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\amy\My Documents\ShopToWin
[2012/08/29 10:34:43 | 000,000,000 | ---D | C] -- C:\extensions
[2012/08/29 10:34:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\amy\Application Data\Qwiklinx
[2012/08/29 10:34:40 | 000,000,000 | ---D | C] -- C:\Program Files\Qwiklinx
[2012/08/29 10:34:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\amy\Application Data\FCTB000100565
[2012/08/29 10:34:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\amy\Start Menu\Programs\Shop to Win 27
[2012/08/29 10:34:31 | 000,000,000 | ---D | C] -- C:\Program Files\Shop to Win 27
[2012/08/29 10:32:52 | 000,000,000 | ---D | C] -- C:\Program Files\Shop To Win
[2012/08/29 10:32:37 | 000,000,000 | ---D | C] -- C:\Program Files\DefaultTab
[2012/08/29 10:32:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\amy\Application Data\DefaultTab
[2012/08/29 10:32:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2012/08/29 10:31:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Optimizer Pro
[2012/08/29 10:31:50 | 000,000,000 | ---D | C] -- C:\Program Files\PC Optimizer Pro
[2012/08/29 10:31:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2012/08/29 10:31:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\amy\Application Data\Yahoo!
[2012/08/29 10:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2012/08/27 16:08:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Intuit
[2012/08/27 15:43:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2012/08/27 15:36:50 | 000,642,432 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\bcmwlhigh5.sys
[2012/08/27 15:36:49 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2012/08/27 15:36:49 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2012/08/27 15:36:49 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2012/08/27 15:36:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\amy\Application Data\InstallShield
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/22 09:52:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/22 09:22:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/22 09:05:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/22 08:41:12 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\amy\Desktop\OTL.scr
[2012/09/22 03:27:28 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/09/22 03:17:32 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\PC Optimizer Pro startups.job
[2012/09/22 03:17:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/22 03:17:23 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/21 21:26:55 | 119,091,200 | ---- | M] () -- C:\Documents and Settings\amy\Desktop\VIPRERescue13156.exe
[2012/09/21 16:19:20 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\amy\Desktop\xp_exe_fix.zip
[2012/09/21 16:06:22 | 005,077,368 | ---- | M] (ParetoLogic, Inc.) -- C:\Documents and Settings\amy\Desktop\RegCureProSetup_RW.bat
[2012/09/21 16:00:12 | 004,983,144 | ---- | M] (SpeedyPC Software) -- C:\Documents and Settings\amy\Desktop\SpeedyPC Pro Installer.com
[2012/09/21 15:47:21 | 004,983,144 | ---- | M] (SpeedyPC Software) -- C:\Documents and Settings\amy\Desktop\exerepair.bat
[2012/09/21 10:31:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\PC Optimizer Pro Updates.job
[2012/09/20 20:06:29 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/09/20 20:06:28 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/09/20 20:06:24 | 009,573,296 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2012/09/13 12:30:02 | 129,728,496 | ---- | M] (Emsisoft GmbH ) -- C:\Documents and Settings\Administrator\Desktop\WebVaccineSetup.exe
[2012/09/12 18:15:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/09/11 13:44:54 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/09/11 13:16:43 | 180,195,553 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\EmsisoftEmergencyKit.zip
[2012/08/29 11:01:00 | 000,475,136 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/08/29 11:01:00 | 000,076,170 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/08/29 10:31:56 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\amy\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Optimizer Pro.lnk
[2012/08/29 10:31:56 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Optimizer Pro.lnk
[2012/08/29 10:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Optimizer Pro
[2012/08/28 20:44:54 | 011,111,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2012/08/28 14:30:49 | 000,001,759 | ---- | M] () -- C:\Documents and Settings\amy\Desktop\MapQuest.url
[2012/08/28 11:14:53 | 006,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2012/08/28 11:14:53 | 001,212,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2012/08/28 11:14:53 | 000,916,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2012/08/28 11:14:53 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2012/08/28 11:14:53 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2012/08/28 11:14:53 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2012/08/28 11:14:53 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2012/08/28 11:14:53 | 000,521,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/08/28 11:14:53 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2012/08/28 11:14:53 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2012/08/28 11:14:53 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2012/08/28 11:14:53 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2012/08/28 11:14:53 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2012/08/28 11:14:53 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2012/08/28 11:14:53 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2012/08/28 11:14:53 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2012/08/28 11:14:53 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2012/08/28 11:14:53 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2012/08/28 11:14:52 | 002,000,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2012/08/28 11:14:52 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2012/08/28 11:14:52 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2012/08/28 11:14:52 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012/08/28 11:14:52 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2012/08/28 11:14:52 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2012/08/28 11:14:52 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2012/08/28 11:14:52 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2012/08/28 10:11:53 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\amy\Desktop\wrmdiscd.r (2).url
[2012/08/28 10:11:19 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\amy\Desktop\FleetOne.url
[2012/08/28 09:26:18 | 000,000,242 | ---- | M] () -- C:\Documents and Settings\amy\Desktop\Home - Welcome to CenturyLink Business.url
[2012/08/28 08:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2012/08/28 08:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2012/08/28 08:07:15 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2012/08/28 03:21:08 | 000,274,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/27 15:45:36 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\amy\Desktop\Hop Loads, Grain Hauling, Bulk Freight, Hopper Loads.url
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/21 21:26:51 | 119,091,200 | ---- | C] () -- C:\Documents and Settings\amy\Desktop\VIPRERescue13156.exe
[2012/09/21 16:19:20 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\amy\Desktop\xp_exe_fix.zip
[2012/09/11 13:16:37 | 180,195,553 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\EmsisoftEmergencyKit.zip
[2012/09/10 15:25:44 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2012/09/10 15:25:44 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2012/08/29 10:35:22 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\PC Optimizer Pro Updates.job
[2012/08/29 10:35:22 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\PC Optimizer Pro startups.job
[2012/08/29 10:31:56 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\amy\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Optimizer Pro.lnk
[2012/08/29 10:31:56 | 000,000,768 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Optimizer Pro.lnk
[2012/08/28 14:30:48 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\amy\Desktop\MapQuest.url
[2012/08/28 10:11:53 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\amy\Desktop\wrmdiscd.r (2).url
[2012/08/28 10:11:19 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\amy\Desktop\FleetOne.url
[2012/08/27 15:45:36 | 000,000,217 | ---- | C] () -- C:\Documents and Settings\amy\Desktop\Hop Loads, Grain Hauling, Bulk Freight, Hopper Loads.url
[2012/08/27 15:45:20 | 000,000,242 | ---- | C] () -- C:\Documents and Settings\amy\Desktop\Home - Welcome to CenturyLink Business.url
[2012/08/27 15:36:49 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2012/06/16 16:54:40 | 000,002,956 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\profiles.xml
[2012/04/17 03:34:26 | 000,965,423 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-842925246-1417001333-1644491937-1003-0.dat
[2012/04/17 03:34:24 | 000,274,550 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/04/15 15:16:32 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/03/09 22:50:51 | 000,000,060 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2012/02/14 14:41:29 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/05 12:40:16 | 000,002,181 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\repository.xml
[2011/11/19 11:52:59 | 000,000,453 | ---- | C] () -- C:\Program Files\1119201110525990.bat
[2011/11/12 09:58:35 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011/11/12 09:52:49 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/11/12 09:51:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/09 15:12:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/11/09 15:06:40 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/11/09 10:00:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/11/09 09:59:47 | 000,274,168 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 08:00:00 | 000,475,136 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 08:00:00 | 000,076,170 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/04/15 12:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/04/15 12:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2012/06/16 17:07:20 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\amy\Application Data\.#
[2012/06/23 22:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\8floor
[2012/05/26 21:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\A2 Entertainment
[2012/02/12 21:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Aidem Media
[2012/04/12 15:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Alawar
[2012/01/09 08:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Alawar Entertainment
[2012/06/09 17:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Alawar Stargaze
[2012/07/21 07:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\aliasworlds
[2012/06/09 10:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Anuman
[2012/05/13 11:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Artifex Mundi
[2012/06/03 20:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Be a King 2
[2012/04/12 16:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Big Fish Games
[2012/02/22 19:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\bigwig_media
[2012/07/28 00:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\BlamGames
[2012/06/17 11:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Boomzap
[2011/12/22 19:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Brabl
[2011/11/12 12:12:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\BumpkinBrothers
[2011/12/11 18:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Casual Arts
[2012/03/25 08:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\casualArts
[2012/06/17 13:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\cerasus.media
[2011/12/17 15:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Colibri Games
[2012/06/10 01:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\CoronationStreetPC
[2012/06/10 16:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Crown
[2012/08/29 10:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\DefaultTab
[2011/12/24 15:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\dekovir
[2012/05/17 17:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Dereza
[2011/12/04 00:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\DieselPuppet
[2012/04/12 15:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\DivoGames
[2011/12/19 20:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\DriverCure
[2012/05/15 17:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\eGames
[2011/11/12 22:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Elephant Games
[2012/03/18 12:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Enchanted Katya
[2011/11/14 19:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\FamilyVacationCalifornia
[2012/07/28 11:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\FarmFables
[2012/08/29 10:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\FCTB000100565
[2012/06/09 12:08:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\FirstColony
[2011/11/26 19:33:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Freeze Tag
[2012/03/24 14:33:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\freshgames
[2012/07/27 21:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Fugazo
[2012/03/21 17:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\funkitron
[2012/03/24 22:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Gaijin Ent
[2011/12/10 19:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\GameCards
[2012/04/12 15:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\GameHouse
[2012/06/09 14:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\GameInvest
[2011/12/24 10:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\gogii
[2012/04/12 15:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Green Clover Games
[2012/02/13 08:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Happy Artist Studio
[2012/01/14 10:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Happy Chef
[2011/11/26 18:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\HdO Adventure
[2012/06/09 17:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\HipSoft
[2012/01/15 16:35:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\InImages
[2012/04/15 11:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Islands
[2012/04/11 07:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Islands2
[2011/12/22 19:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Islands3
[2012/07/29 00:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\iWin
[2012/06/15 19:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\iWinG
[2012/04/22 09:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\JoyBits
[2012/05/26 10:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Jumb-O-Fun Games
[2012/05/12 14:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\LegacyGames
[2012/04/22 16:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\MagicIndie
[2012/02/05 16:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Maximize Games
[2012/04/21 10:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Mean Hamster
[2012/06/16 21:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Meridian93
[2011/12/17 15:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\MumboJumbo
[2011/11/12 16:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Mysteryville2
[2012/06/23 20:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Namco
[2012/03/28 19:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\NevoSoft Games
[2012/06/17 08:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Nevosoft-Breeze
[2011/11/19 10:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Oberon Media
[2012/01/15 17:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\PathToSuccess
[2011/11/15 18:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Peace Craft
[2011/11/16 17:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\PeaceCraft2
[2011/11/12 16:38:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\PetRush
[2012/04/21 14:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Ph03nixNewMedia
[2012/07/07 21:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Pirateville
[2012/06/09 16:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\PlayFirst
[2012/04/12 15:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\playmink
[2012/06/03 17:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Playrix Entertainment
[2012/06/16 17:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Pogo Games
[2012/06/25 17:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\PriceGong
[2012/06/23 09:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Publisher
[2012/08/29 10:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Qwiklinx
[2012/07/04 21:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Rainbow
[2012/04/12 15:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\RunningPillow
[2012/04/12 15:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Sahmon Games
[2011/12/03 13:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Scholastic
[2012/07/07 19:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\searchquband
[2012/07/07 19:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\searchqutoolbar
[2011/12/12 15:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\SMIGames
[2011/12/19 20:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\SpeedyPC Software
[2012/02/04 15:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\SpinTop Games
[2012/06/09 10:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\SulusGames
[2012/06/10 18:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\TheMissingMonaLisa
[2012/04/12 15:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\VendelGAMES
[2011/12/31 08:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\ViquaSoft
[2012/04/28 21:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\WeatherLord
[2012/04/12 15:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\WendigoStudios
[2012/08/19 10:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\WildTangent
[2012/04/12 15:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\World-Loom
[2012/07/11 19:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\YoudaGames
[2012/02/05 12:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\ZiggyTV
[2012/06/23 22:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\8floor
[2012/01/12 18:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar
[2012/04/29 05:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2011/11/11 21:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2012/07/07 19:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/12/10 10:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Casual Arts
[2012/03/25 08:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\casualArts
[2012/01/07 18:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cateia Games
[2011/12/11 18:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Colibri Games
[2012/01/21 17:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrioGames
[2012/06/10 16:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Crown
[2012/05/15 17:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eGames
[2012/07/01 18:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Farm Frenzy
[2011/12/11 01:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty
[2012/07/29 20:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
[2012/07/28 23:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2012/07/22 21:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_America
[2012/03/28 18:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Arctica
[2012/03/18 14:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Madagascar
[2012/05/28 20:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Russia
[2012/05/15 18:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy_Vikings
[2012/05/28 18:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fashion Solitaire 1.2
[2011/11/12 17:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2012/05/27 12:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2012/05/16 17:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GabCab
[2011/12/10 08:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2011/12/24 10:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gogii
[2012/03/11 11:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Green Clover Games
[2012/02/13 08:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Happy Artist Studio
[2012/07/23 07:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2012/08/19 09:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hot Lava Games
[2012/03/18 18:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2012/03/24 14:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Islands
[2011/11/11 20:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2012/06/15 19:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWinG
[2012/02/05 07:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2012/01/22 12:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kristanix Games
[2012/02/05 16:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maximize Games
[2012/04/21 10:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mean Hamster
[2012/03/18 12:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2012/08/06 18:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2012/03/29 03:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2012/06/23 20:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Namco
[2012/06/17 08:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nevosoft-Breeze
[2012/07/02 15:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
[2012/08/29 10:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
[2012/06/09 16:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2012/06/03 19:04:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2012/03/04 18:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PogoDGC
[2012/06/23 09:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Publisher
[2012/06/09 07:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PuzzlesByJoe
[2012/04/14 13:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RescueFrenzy
[2012/04/14 21:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\rionix
[2012/06/09 13:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2011/12/21 19:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2012/03/13 19:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpookyMall
[2011/12/10 19:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SugarGames
[2012/01/08 12:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
[2012/03/18 13:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperRanch
[2012/08/19 00:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/06/26 17:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ToyDefense
[2011/12/11 18:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualFarm2
[2012/04/28 21:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeatherLord
[2012/08/19 10:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2012/03/28 19:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2012/09/22 03:17:32 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\PC Optimizer Pro startups.job
[2012/09/21 10:31:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\PC Optimizer Pro Updates.job

========== Purity Check ==========



========== Custom Scans ==========


< BASESERVICES >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: QMGR.DLL >
[2008/04/14 08:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\dllcache\qmgr.dll
[2008/04/14 08:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: SERVICES >
[2008/04/14 08:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.CFG >
[2012/04/04 01:53:54 | 000,585,987 | ---- | M] () MD5=7BAB089A4F862C6BC86E0201D5BF1779 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 13:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 08:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: SERVICES.LNK >
[2011/12/19 20:34:09 | 000,001,602 | ---- | M] () MD5=0A9973A747A6F34CFA462DDC7675A16C -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2012/04/22 15:37:16 | 000,002,075 | ---- | M] () MD5=D3CA435307660EA24CF0187D6ED8CD45 -- C:\Documents and Settings\amy\Application Data\Macromedia\Flash Player\#SharedObjects\FJ2MUAA4\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MSC >
[2008/04/14 08:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< CREATERESTOREPOINT >

========== Alternate Data Streams ==========

@Alternate Data Stream - 248 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C12CFCD
@Alternate Data Stream - 240 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C4A588B
@Alternate Data Stream - 234 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61A065F2
@Alternate Data Stream - 232 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF07EA98
@Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CDB9CA3
@Alternate Data Stream - 226 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FF9C44FE
@Alternate Data Stream - 221 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BBF60A29
@Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1713795
@Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CA0CE093
@Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F943019
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CA99FD89
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8140CB50
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80B291A7
@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C1EFEB8
@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77D98D08
@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:03D08225
@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E3E060F
@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68EF6203
@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:461BD06D
@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45C55624
@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94F67F32
@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C5EC3CD
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B9E79B3
@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E412AAF2
@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0FEE2B
@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F96D8E6
@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F141B68
@Alternate Data Stream - 206 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A8F8A0C
@Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D7DA89B1
@Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A56D6987
@Alternate Data Stream - 199 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10D98D98
@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E73B14E2
@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55E1514E
@Alternate Data Stream - 195 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE6885F1
@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9ACB70D7
@Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:538B96B5
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D987CB43
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:195E8317
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:391535F9
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78696BCD
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A039EDF9
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5BA9ADD
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE3ABE3D
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE0A077E
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8A99299
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B86642C5
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81F54BD5
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5506D17E
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F3591DDB
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E153075C
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAF8DAC8
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AE289451
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04A18F36
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BAC56E61
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D03192E
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EE52088
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48F5C64F
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3A4C8FE7
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2502B755
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05582920
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0483BBEB
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E56E607B
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7EC636E9
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:013CE219
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42390E15
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38FF076E
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D33169E5
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7D288858
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:744022A1
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68198EE3
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1EA18A7D
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1E2D49E0
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E61938B
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E5CFA74
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FFCB5A35
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F67947AF
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFF71B94
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:751D6870
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71380EB5
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C1FEFDE
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C21784C
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7FFE8AF
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F43B7E8F
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E4E56EA
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:73879882
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:415F73A0
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:35629AE6
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:138A0A84
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6A94369
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0848D16
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA3E37DC
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9B27A06
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6423D635
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56A74E89
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E22C5DB
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD2588B7
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35AE645
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8F9D810
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC1F7CAE
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB718C46
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B8D7701E
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B1AE40C
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44E16D4A
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BE982EA
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CA4FAE31
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C82210DD
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2B3764A
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:756A3FF0
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6A9CF5CA
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CB541C4
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E031F3E0
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C458CC0A
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B64798F2
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6B07419
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1A86E40
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:466FA8C3
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2DF73BE4
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8059174
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99AC3203
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E7180F4
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:274516E7
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:242E63C5
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3A82449
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C43C957E
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B6C1A5F4
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E7BFD87
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C201DEB
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF71CAB5
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6537A16
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6EC5C2A
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BADF2274
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1E64E47
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A13B1B25
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95C6C67C
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80D975A5
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27D3515D
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B7C7BAE
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:084612C9
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D453E38B
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D36E068F
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AC20936
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:74B9EA7F
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:479B1CF9
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F0E52E4F
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0553E73
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D01ACC06
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:73B78E79
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C4BD225
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13893338
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF19F127
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D6CBEC5B
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2397415
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0AB0B4A
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA24E689
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B36361EE
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1128200
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6DDFD746
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3EB6E559
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BC173E4
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:36EEEDAC
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2636DE16
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24FFE96C
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:206470A5
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A53FC92
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD9FFC08
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D4E54A89
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3606FCC
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9C7A32BB
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BE4216C
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CBAB74CB
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F740FCB
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FCC54B7
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:28819F45
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2216A431
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:063969F8
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FBA79096
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F2327E82
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA7D76BE
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B722BCE5
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AEABFEC4
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:902C848D
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6DDD2723
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7425C891
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B09C4D9
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:517EFA90
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D4041D5
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29C0641D
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02A78DF6
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BAFAD1DF
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:597254A1
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1AC0C8F5
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB42AC3C
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:351730E8
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2193E86E
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB79FDF8
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C30487EE
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9F50A55A
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:796EE7C8
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57619D72
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0913157
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CED8825
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E21413B8
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0A09032
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC8F261A
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC0528D9
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB422E00
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9ABA3FF
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9BE587B9
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:716BF8D6
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:14F07CC4
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F164CEA1
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD95E6D9
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADD788AD
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9339169
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:65621319
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56F368C9
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:831C6B2D
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2D4B33E
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:966CEAE7
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95079543
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BF0805F
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16B49C20
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15752405
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3A6CA11
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AB2162E
< End of report >
  • 0

#8
Essexboy
Posted 22 September 2012 - 08:31 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Start OTLPE as you did previously from CD
Copy the attached Fix.txt to a USB
[attachment=60679:fix.txt]
  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason. Then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

  • 0

#9
Audaciter
Posted 22 September 2012 - 10:50 AM

Audaciter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I still can't run anything in regular windows. The only program that looks ready to run is that Vipre program.
Should I boot into OTL PE again and generate a new log that way?

Edited by Audaciter, 22 September 2012 - 10:53 AM.

  • 0

#10
Essexboy
Posted 22 September 2012 - 12:45 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do you have a windows CD ?

Go start > run and type in cmd
In the black box that opens type :

assoc .bat=batfile

Then try to run this batch file

[attachment=60687:xp_fileassoc.bat]
  • 0

Advertisements

#11
Audaciter
Posted 22 September 2012 - 03:20 PM

Audaciter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I do have a Windows cd for it, but it says Windows for refurbished PCs, so I assumed that meant OEM, and the Windows instructions I found for restoring file associations said that I shouldn't use them with an OEM copy of Windows.

That last fix appears to have worked. Would you mind if I asked you a couple of questions about what we did?

Here are the logs:

OTL logfile created on: 9/22/2012 6:10:38 PM - Run 1
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Documents and Settings\amy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.71 Gb Available Physical Memory | 77.55% Memory free
4.82 Gb Paging File | 4.32 Gb Available in Paging File | 89.56% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 55.50 Gb Free Space | 74.49% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 3.64 Gb Free Space | 48.93% Space Free | Partition Type: FAT32

Computer Name: HOME | User Name: amy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/22 08:41:12 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\amy\Desktop\OTL.scr
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/03/20 21:52:28 | 000,211,256 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\ytbb.exe
PRC - [2012/01/18 14:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\amy\Application Data\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2012/09/20 20:06:31 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - [2012/05/25 13:14:24 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/06/24 18:53:04 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2010/02/03 11:21:56 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/11/06 08:26:36 | 000,642,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
DRV - [2006/05/10 16:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {C5E9D6BB-9891-4C06-AC2D-7D7A6B0A7E8E}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{C5E9D6BB-9891-4C06-AC2D-7D7A6B0A7E8E}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {C5E9D6BB-9891-4C06-AC2D-7D7A6B0A7E8E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1BAA63B8-311D-4D8A-A7FC-BDE49DC27391}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{7E2AA370-D0C1-4D13-B601-7ACE4DC605C1}: "URL" = http://websearch.ask...0-61455391E332
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1678857
IE - HKCU\..\SearchScopes\{C5E9D6BB-9891-4C06-AC2D-7D7A6B0A7E8E}: "URL" = http://www.google.co...1I7GGHP_enUS457
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6PQnvcl2Wd&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2012/02/05 12:46:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.searchnu.com/406
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.searchnu.com/406

O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.0.cab (DLM Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{471730F7-C084-4165-964C-2475692AC721}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5F56442-3B47-4E0B-9E32-3661C5731B84}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\amy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\amy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/09 15:09:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/08/30 10:39:02 | 000,000,112 | ---- | M] () - E:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{f659795b-0b06-11e1-a77c-80d1a08597a5}\Shell\AutoRun\command - "" = E:\urDrive.exe
O33 - MountPoints2\{f659795d-0b06-11e1-a77c-80d1a08597a5}\Shell\AutoRun\command - "" = Install.exe
O33 - MountPoints2\{f659795e-0b06-11e1-a77c-0013729daf89}\Shell - "" = AutoRun
O33 - MountPoints2\{f659795e-0b06-11e1-a77c-0013729daf89}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f659795e-0b06-11e1-a77c-0013729daf89}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/22 13:40:21 | 000,101,112 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2012/09/22 13:40:21 | 000,042,864 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe
[2012/09/22 13:39:54 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2012/09/22 13:33:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/22 08:40:01 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\amy\Desktop\OTL.scr
[2012/09/21 20:16:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\peernet
[2012/09/21 18:35:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/21 16:05:55 | 005,077,368 | ---- | C] (ParetoLogic, Inc.) -- C:\Documents and Settings\amy\Desktop\RegCureProSetup_RW.bat
[2012/09/21 15:59:42 | 004,983,144 | ---- | C] (SpeedyPC Software) -- C:\Documents and Settings\amy\Desktop\SpeedyPC Pro Installer.com
[2012/09/21 15:46:58 | 004,983,144 | ---- | C] (SpeedyPC Software) -- C:\Documents and Settings\amy\Desktop\exerepair.bat
[2012/09/20 20:06:23 | 009,573,296 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2012/09/20 20:02:44 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/09/12 18:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\amy\Desktop\Emergency Scanner
[2012/09/10 15:25:16 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/08/29 10:35:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
[2012/08/29 10:34:43 | 000,000,000 | ---D | C] -- C:\extensions
[2012/08/29 10:32:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2012/08/29 10:31:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Optimizer Pro
[2012/08/29 10:31:50 | 000,000,000 | ---D | C] -- C:\Program Files\PC Optimizer Pro
[2012/08/29 10:31:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2012/08/29 10:31:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\amy\Application Data\Yahoo!
[2012/08/29 10:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2012/08/27 16:08:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Intuit
[2012/08/27 15:43:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2012/08/27 15:36:50 | 000,642,432 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\bcmwlhigh5.sys
[2012/08/27 15:36:49 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2012/08/27 15:36:49 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2012/08/27 15:36:49 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2012/08/27 15:36:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\amy\Application Data\InstallShield
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/22 18:05:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/22 17:22:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/22 13:46:33 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/09/22 13:36:44 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\PC Optimizer Pro startups.job
[2012/09/22 13:36:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/22 13:36:32 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/22 13:36:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/22 08:41:12 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\amy\Desktop\OTL.scr
[2012/09/21 21:26:55 | 119,091,200 | ---- | M] () -- C:\Documents and Settings\amy\Desktop\VIPRERescue13156.exe
[2012/09/21 16:19:20 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\amy\Desktop\xp_exe_fix.zip
[2012/09/21 16:06:22 | 005,077,368 | ---- | M] (ParetoLogic, Inc.) -- C:\Documents and Settings\amy\Desktop\RegCureProSetup_RW.bat
[2012/09/21 16:00:12 | 004,983,144 | ---- | M] (SpeedyPC Software) -- C:\Documents and Settings\amy\Desktop\SpeedyPC Pro Installer.com
[2012/09/21 15:47:21 | 004,983,144 | ---- | M] (SpeedyPC Software) -- C:\Documents and Settings\amy\Desktop\exerepair.bat
[2012/09/21 10:31:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\PC Optimizer Pro Updates.job
[2012/09/20 20:06:29 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/09/20 20:06:28 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/09/20 20:06:24 | 009,573,296 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2012/09/12 18:15:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/29 11:01:00 | 000,475,136 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/08/29 11:01:00 | 000,076,170 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/08/29 10:31:56 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\amy\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Optimizer Pro.lnk
[2012/08/29 10:31:56 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Optimizer Pro.lnk
[2012/08/28 20:44:54 | 011,111,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2012/08/28 14:30:49 | 000,001,759 | ---- | M] () -- C:\Documents and Settings\amy\Desktop\MapQuest.url
[2012/08/28 11:14:53 | 006,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2012/08/28 11:14:53 | 001,212,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2012/08/28 11:14:53 | 000,916,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2012/08/28 11:14:53 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2012/08/28 11:14:53 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2012/08/28 11:14:53 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2012/08/28 11:14:53 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2012/08/28 11:14:53 | 000,521,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/08/28 11:14:53 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2012/08/28 11:14:53 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2012/08/28 11:14:53 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2012/08/28 11:14:53 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2012/08/28 11:14:53 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2012/08/28 11:14:53 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2012/08/28 11:14:53 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2012/08/28 11:14:53 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2012/08/28 11:14:53 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2012/08/28 11:14:53 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2012/08/28 11:14:52 | 002,000,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2012/08/28 11:14:52 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2012/08/28 11:14:52 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2012/08/28 11:14:52 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012/08/28 11:14:52 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2012/08/28 11:14:52 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2012/08/28 11:14:52 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2012/08/28 11:14:52 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2012/08/28 10:11:53 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\amy\Desktop\wrmdiscd.r (2).url
[2012/08/28 10:11:19 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\amy\Desktop\FleetOne.url
[2012/08/28 09:26:18 | 000,000,242 | ---- | M] () -- C:\Documents and Settings\amy\Desktop\Home - Welcome to CenturyLink Business.url
[2012/08/28 08:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2012/08/28 08:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2012/08/28 08:07:15 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2012/08/28 03:21:08 | 000,274,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/27 15:45:36 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\amy\Desktop\Hop Loads, Grain Hauling, Bulk Freight, Hopper Loads.url
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/21 21:26:51 | 119,091,200 | ---- | C] () -- C:\Documents and Settings\amy\Desktop\VIPRERescue13156.exe
[2012/09/21 16:19:20 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\amy\Desktop\xp_exe_fix.zip
[2012/08/29 10:35:22 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\PC Optimizer Pro Updates.job
[2012/08/29 10:35:22 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\PC Optimizer Pro startups.job
[2012/08/29 10:31:56 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\amy\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Optimizer Pro.lnk
[2012/08/29 10:31:56 | 000,000,768 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Optimizer Pro.lnk
[2012/08/28 14:30:48 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\amy\Desktop\MapQuest.url
[2012/08/28 10:11:53 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\amy\Desktop\wrmdiscd.r (2).url
[2012/08/28 10:11:19 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\amy\Desktop\FleetOne.url
[2012/08/27 15:45:36 | 000,000,217 | ---- | C] () -- C:\Documents and Settings\amy\Desktop\Hop Loads, Grain Hauling, Bulk Freight, Hopper Loads.url
[2012/08/27 15:45:20 | 000,000,242 | ---- | C] () -- C:\Documents and Settings\amy\Desktop\Home - Welcome to CenturyLink Business.url
[2012/08/27 15:36:49 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2012/06/16 16:54:40 | 000,002,956 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\profiles.xml
[2012/04/17 03:34:26 | 000,965,423 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-842925246-1417001333-1644491937-1003-0.dat
[2012/04/17 03:34:24 | 000,274,550 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/04/15 15:16:32 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/03/09 22:50:51 | 000,000,060 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2012/02/14 14:41:29 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/05 12:40:16 | 000,002,181 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\repository.xml
[2011/11/19 11:52:59 | 000,000,453 | ---- | C] () -- C:\Program Files\1119201110525990.bat
[2011/11/12 09:58:35 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011/11/12 09:52:49 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/11/12 09:51:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/09 15:12:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/11/09 15:06:40 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/11/09 10:00:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/11/09 09:59:47 | 000,274,168 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2012/03/08 20:38:40 | 000,000,082 | ---- | M] () -- C:\Documents and Settings\amy\Application Data\Macromedia\Flash Player\#SharedObjects\FJ2MUAA4\t.cxt.ms\lso.swf\u.sol
[2012/01/09 04:04:58 | 000,012,333 | ---- | M] () -- C:\Documents and Settings\amy\Application Data\PriceGong\Data\l.txt
[2012/01/09 04:04:58 | 000,006,997 | ---- | M] () -- C:\Documents and Settings\amy\Application Data\PriceGong\Data\n.txt
[2012/01/09 04:04:58 | 000,003,968 | ---- | M] () -- C:\Documents and Settings\amy\Application Data\PriceGong\Data\u.txt
[2012/07/17 18:39:00 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 248 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C12CFCD
@Alternate Data Stream - 240 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C4A588B
@Alternate Data Stream - 234 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61A065F2
@Alternate Data Stream - 232 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF07EA98
@Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CDB9CA3
@Alternate Data Stream - 226 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FF9C44FE
@Alternate Data Stream - 221 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BBF60A29
@Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1713795
@Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CA0CE093
@Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F943019
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CA99FD89
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8140CB50
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80B291A7
@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C1EFEB8
@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77D98D08
@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:03D08225
@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E3E060F
@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68EF6203
@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:461BD06D
@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45C55624
@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94F67F32
@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C5EC3CD
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B9E79B3
@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E412AAF2
@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0FEE2B
@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F96D8E6
@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F141B68
@Alternate Data Stream - 206 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A8F8A0C
@Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D7DA89B1
@Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A56D6987
@Alternate Data Stream - 199 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10D98D98
@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E73B14E2
@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55E1514E
@Alternate Data Stream - 195 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE6885F1
@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9ACB70D7
@Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:538B96B5
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D987CB43
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:195E8317
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:391535F9
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78696BCD
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A039EDF9
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5BA9ADD
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE3ABE3D
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE0A077E
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8A99299
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B86642C5
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81F54BD5
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5506D17E
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F3591DDB
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E153075C
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAF8DAC8
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AE289451
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04A18F36
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BAC56E61
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D03192E
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EE52088
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48F5C64F
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3A4C8FE7
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2502B755
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05582920
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0483BBEB
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E56E607B
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7EC636E9
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:013CE219
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42390E15
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38FF076E
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D33169E5
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7D288858
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:744022A1
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68198EE3
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1EA18A7D
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1E2D49E0
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E61938B
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E5CFA74
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FFCB5A35
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F67947AF
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFF71B94
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:751D6870
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71380EB5
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C1FEFDE
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C21784C
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7FFE8AF
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F43B7E8F
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E4E56EA
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:73879882
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:415F73A0
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:35629AE6
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:138A0A84
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6A94369
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0848D16
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA3E37DC
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9B27A06
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6423D635
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56A74E89
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E22C5DB
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD2588B7
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35AE645
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8F9D810
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC1F7CAE
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB718C46
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B8D7701E
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B1AE40C
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44E16D4A
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BE982EA
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CA4FAE31
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C82210DD
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2B3764A
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:756A3FF0
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6A9CF5CA
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CB541C4
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E031F3E0
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C458CC0A
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B64798F2
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6B07419
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1A86E40
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:466FA8C3
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2DF73BE4
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8059174
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99AC3203
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E7180F4
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:274516E7
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:242E63C5
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3A82449
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C43C957E
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B6C1A5F4
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E7BFD87
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C201DEB
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF71CAB5
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6537A16
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6EC5C2A
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BADF2274
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1E64E47
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A13B1B25
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95C6C67C
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80D975A5
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27D3515D
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B7C7BAE
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:084612C9
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D453E38B
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D36E068F
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AC20936
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:74B9EA7F
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:479B1CF9
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F0E52E4F
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0553E73
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D01ACC06
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:73B78E79
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C4BD225
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13893338
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF19F127
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D6CBEC5B
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2397415
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0AB0B4A
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA24E689
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B36361EE
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1128200
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6DDFD746
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3EB6E559
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BC173E4
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:36EEEDAC
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2636DE16
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24FFE96C
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:206470A5
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A53FC92
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD9FFC08
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D4E54A89
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3606FCC
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9C7A32BB
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BE4216C
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CBAB74CB
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F740FCB
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FCC54B7
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:28819F45
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2216A431
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:063969F8
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FBA79096
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F2327E82
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA7D76BE
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B722BCE5
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AEABFEC4
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:902C848D
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6DDD2723
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7425C891
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B09C4D9
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:517EFA90
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D4041D5
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29C0641D
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02A78DF6
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BAFAD1DF
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:597254A1
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1AC0C8F5
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB42AC3C
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:351730E8
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2193E86E
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB79FDF8
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C30487EE
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9F50A55A
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:796EE7C8
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57619D72
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0913157
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CED8825
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E21413B8
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0A09032
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC8F261A
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC0528D9
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB422E00
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9ABA3FF
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9BE587B9
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:716BF8D6
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:14F07CC4
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F164CEA1
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD95E6D9
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADD788AD
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9339169
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:65621319
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56F368C9
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:831C6B2D
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2D4B33E
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:966CEAE7
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95079543
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BF0805F
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16B49C20
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15752405
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3A6CA11
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AB2162E

< End of report >

OTL Extras logfile created on: 9/22/2012 6:10:38 PM - Run 1
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Documents and Settings\amy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.71 Gb Available Physical Memory | 77.55% Memory free
4.82 Gb Paging File | 4.32 Gb Available in Paging File | 89.56% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 55.50 Gb Free Space | 74.49% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 3.64 Gb Free Space | 48.93% Space Free | Partition Type: FAT32

Computer Name: HOME | User Name: amy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Disabled:SopCast Main Application
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Disabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe" = C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker
"C:\Program Files\Shop to Win 27\TroubleShooter.exe" = C:\Program Files\Shop to Win 27\TroubleShooter.exe:*:Enabled:Shop to Win 27 (Helper)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C1DD35C-59F6-4292-9E61-823286BF31E1}_is1" = Shop To Win
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 32
"{2E497885-E60B-420A-832D-0148B392E058}_is1" = Qwiklinx
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"DefaultTab" = DefaultTab
"DefaultTab Chrome" = DefaultTab Chrome
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"PC Optimizer Pro" = PC Optimizer Pro
"PROPLUS" = Microsoft Office Professional Plus 2007
"Searchqu Toolbar" = Searchqu Toolbar
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/28/2012 7:26:29 AM | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/30/2012 2:05:02 PM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.268,
faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.

Error - 8/9/2012 10:05:02 AM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.268,
faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.

Error - 8/11/2012 1:05:02 AM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.268,
faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.

Error - 8/27/2012 5:21:29 PM | Computer Name = HOME | Source = Application Error | ID = 1005
Description = Windows cannot access the file D:\QBooks\setup.exe for one of the
following reasons: there is a problem with the network connection, the disk that
the file is stored on, or the storage drivers installed on this computer; or the
disk is missing. Windows closed the program Setup.exe because of this error. Program:
Setup.exe File: D:\QBooks\setup.exe The error value is listed in the Additional Data
section. User Action 1. Open the file again. This situation might be a temporary
problem that corrects itself when the program runs again. 2. If the file still cannot
be accessed and - It is on the network, your network administrator should verify
that there is not a problem with the network and that the server can be contacted.
-
It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the
disk is fully inserted into the computer. 3. Check and repair the file system by
running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click
OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem
persists, restore the file from a backup copy. 5. Determine whether other files
on the same disk can be opened. If not, the disk might be damaged. If it is a hard
disk, contact your administrator or computer hardware vendor for further assistance.
Additional
Data Error value: C0000240 Disk type: 5

Error - 8/27/2012 5:21:35 PM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application setup.exe, version 21.0.1.16, faulting module
setup.exe, version 21.0.1.16, fault address 0x000513ab.

Error - 8/27/2012 5:27:36 PM | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/29/2012 10:44:52 AM | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/12/2012 6:09:13 PM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module iebho.dll, version 1.0.0.1, fault address 0x0006e5c7.

Error - 9/21/2012 8:31:01 PM | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ Application Events ]
Error - 7/28/2012 7:26:29 AM | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/30/2012 2:05:02 PM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.268,
faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.

Error - 8/9/2012 10:05:02 AM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.268,
faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.

Error - 8/11/2012 1:05:02 AM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.268,
faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.

Error - 8/27/2012 5:21:29 PM | Computer Name = HOME | Source = Application Error | ID = 1005
Description = Windows cannot access the file D:\QBooks\setup.exe for one of the
following reasons: there is a problem with the network connection, the disk that
the file is stored on, or the storage drivers installed on this computer; or the
disk is missing. Windows closed the program Setup.exe because of this error. Program:
Setup.exe File: D:\QBooks\setup.exe The error value is listed in the Additional Data
section. User Action 1. Open the file again. This situation might be a temporary
problem that corrects itself when the program runs again. 2. If the file still cannot
be accessed and - It is on the network, your network administrator should verify
that there is not a problem with the network and that the server can be contacted.
-
It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the
disk is fully inserted into the computer. 3. Check and repair the file system by
running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click
OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem
persists, restore the file from a backup copy. 5. Determine whether other files
on the same disk can be opened. If not, the disk might be damaged. If it is a hard
disk, contact your administrator or computer hardware vendor for further assistance.
Additional
Data Error value: C0000240 Disk type: 5

Error - 8/27/2012 5:21:35 PM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application setup.exe, version 21.0.1.16, faulting module
setup.exe, version 21.0.1.16, fault address 0x000513ab.

Error - 8/27/2012 5:27:36 PM | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/29/2012 10:44:52 AM | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/12/2012 6:09:13 PM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module iebho.dll, version 1.0.0.1, fault address 0x0006e5c7.

Error - 9/21/2012 8:31:01 PM | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 4/15/2012 4:01:22 AM | Computer Name = HOME | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 250
seconds with 240 seconds of active time. This session ended with a crash.

Error - 6/9/2012 6:20:00 AM | Computer Name = HOME | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 240
seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/20/2012 12:10:44 PM | Computer Name = HOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 9/20/2012 12:10:44 PM | Computer Name = HOME | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.135.1345.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x8007043c Error
description: This service cannot be started in Safe Mode

Error - 9/20/2012 2:16:17 PM | Computer Name = HOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/21/2012 8:18:57 PM | Computer Name = HOME | Source = Dhcp | ID = 1002
Description = The IP address lease 10.0.0.5 for the Network Card with network address
204E7FE948C4 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent
a DHCPNACK message).

Error - 9/21/2012 10:44:32 PM | Computer Name = HOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/21/2012 10:44:38 PM | Computer Name = HOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 9/21/2012 10:45:40 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm MpFilter

Error - 9/21/2012 10:49:45 PM | Computer Name = HOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/21/2012 10:51:13 PM | Computer Name = HOME | Source = Dhcp | ID = 1002
Description = The IP address lease 10.0.0.5 for the Network Card with network address
204E7FE948C4 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent
a DHCPNACK message).

Error - 9/22/2012 1:36:35 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7000
Description = The DefaultTabUpdate service failed to start due to the following
error: %%3


< End of report >
  • 0

#12
Essexboy
Posted 22 September 2012 - 03:50 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Sure the command that you entered from the run key reset the batch file association, this enabled the batch file that you downloaded to reset the remaining file associations.. Simples :lol:

After this run can you let me know what problems remain

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image

    :OTL
SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\amy\Application Data\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
IE - HKCU\..\SearchScopes\{1BAA63B8-311D-4D8A-A7FC-BDE49DC27391}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1678857
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6PQnvcl2Wd&i=26
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)

:Files
C:\Documents and Settings\amy\Application Data\PriceGong

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#13
Audaciter
Posted 22 September 2012 - 09:02 PM

Audaciter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
That command actually wouldn't work from the run box. I had to open a command prompt by first opening the task manager and then clicking file > new task (Run...) while holding ctrl, and then run the command from there. But it did work very well, so thank you again.

So where did you find this batch file? Would this work for any version of Windows?

And where did learn these fixes that you can paste into OTL? I was enrolled briefly at geekstogo U to try to learn this stuff, but it seems that I've been kicked out. I guess I took too long to post my responses to the first logs I was supposed to work on. But I'm still interested. Looks like I'll have to try to figure things out on my own.

Here is the log:

OTL logfile created on: 9/22/2012 10:31:04 PM - Run 2
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Documents and Settings\amy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 3.01 Gb Available Physical Memory | 86.24% Memory free
4.82 Gb Paging File | 4.48 Gb Available in Paging File | 92.96% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 56.36 Gb Free Space | 75.65% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 3.64 Gb Free Space | 48.93% Space Free | Partition Type: FAT32

Computer Name: HOME | User Name: amy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/22 21:50:27 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/09/22 20:00:41 | 003,082,640 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\WebVaccine\a2service.exe
PRC - [2012/09/22 08:41:12 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\amy\Desktop\OTL.scr
PRC - [2012/09/05 21:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/05 21:26:41 | 002,244,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll


========== Services (SafeList) ==========

SRV - [2012/09/22 21:50:27 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/09/22 20:00:41 | 003,082,640 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\WebVaccine\a2service.exe -- (a2AntiMalware)
SRV - [2012/09/20 20:06:31 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/05 21:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - [2012/09/22 19:29:06 | 000,054,072 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\WebVaccine\a2accx86.sys -- (a2acc)
DRV - [2012/05/25 13:14:24 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/05/19 14:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\WebVaccine\a2ddax86.sys -- (A2DDA)
DRV - [2010/06/24 18:53:04 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2010/02/03 11:21:56 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/11/06 08:26:36 | 000,642,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
DRV - [2006/05/10 16:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {C5E9D6BB-9891-4C06-AC2D-7D7A6B0A7E8E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{7E2AA370-D0C1-4D13-B601-7ACE4DC605C1}: "URL" = http://websearch.ask...0-61455391E332
IE - HKCU\..\SearchScopes\{C5E9D6BB-9891-4C06-AC2D-7D7A6B0A7E8E}: "URL" = http://www.google.co...1I7GGHP_enUS457
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/22 18:24:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/09/22 18:25:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\amy\Application Data\Mozilla\Extensions
[2012/09/22 18:29:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\amy\Application Data\Mozilla\Firefox\Profiles\gbl4aio8.default\extensions
[2012/09/22 21:21:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/22 21:21:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/05 21:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 21:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/05 21:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.searchnu.com/406
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.searchnu.com/406

O1 HOSTS File: ([2012/09/22 21:53:00 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files\webvaccine\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.0.cab (DLM Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{471730F7-C084-4165-964C-2475692AC721}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5F56442-3B47-4E0B-9E32-3661C5731B84}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\amy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\amy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/09 15:09:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/08/30 10:39:02 | 000,000,112 | ---- | M] () - E:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{f659795b-0b06-11e1-a77c-80d1a08597a5}\Shell\AutoRun\command - "" = E:\urDrive.exe
O33 - MountPoints2\{f659795d-0b06-11e1-a77c-80d1a08597a5}\Shell\AutoRun\command - "" = Install.exe
O33 - MountPoints2\{f659795e-0b06-11e1-a77c-0013729daf89}\Shell - "" = AutoRun
O33 - MountPoints2\{f659795e-0b06-11e1-a77c-0013729daf89}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f659795e-0b06-11e1-a77c-0013729daf89}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/22 21:29:50 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/09/22 21:20:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/09/22 19:02:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WebVaccine
[2012/09/22 19:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\WebVaccine
[2012/09/22 19:02:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\amy\My Documents\Anti-Malware
[2012/09/22 18:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\amy\Local Settings\Application Data\Mozilla
[2012/09/22 18:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\amy\Application Data\Mozilla
[2012/09/22 18:24:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/09/22 18:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/09/22 13:40:21 | 000,101,112 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2012/09/22 13:40:21 | 000,042,864 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe
[2012/09/22 13:39:54 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2012/09/22 13:33:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/22 08:40:01 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\amy\Desktop\OTL.scr
[2012/09/21 20:16:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\peernet
[2012/09/21 18:35:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/21 16:05:55 | 005,077,368 | ---- | C] (ParetoLogic, Inc.) -- C:\Documents and Settings\amy\Desktop\RegCureProSetup_RW.bat
[2012/09/21 15:59:42 | 004,983,144 | ---- | C] (SpeedyPC Software) -- C:\Documents and Settings\amy\Desktop\SpeedyPC Pro Installer.com
[2012/09/21 15:46:58 | 004,983,144 | ---- | C] (SpeedyPC Software) -- C:\Documents and Settings\amy\Desktop\exerepair.bat
[2012/09/20 20:02:44 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/09/12 18:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\amy\Desktop\Emergency Scanner
[2012/09/10 15:25:16 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/08/29 10:35:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
[2012/08/29 10:34:43 | 000,000,000 | ---D | C] -- C:\extensions
[2012/08/29 10:32:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2012/08/29 10:31:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Optimizer Pro
[2012/08/29 10:31:50 | 000,000,000 | ---D | C] -- C:\Program Files\PC Optimizer Pro
[2012/08/29 10:31:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2012/08/29 10:31:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\amy\Application Data\Yahoo!
[2012/08/29 10:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2012/08/27 16:08:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Intuit
[2012/08/27 15:43:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2012/08/27 15:36:49 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2012/08/27 15:36:49 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2012/08/27 15:36:49 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2012/08/27 15:36:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\amy\Application Data\InstallShield

========== Files - Modified Within 30 Days ==========

[2012/09/22 22:22:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/22 22:07:21 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/09/22 22:05:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/22 21:57:25 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\PC Optimizer Pro startups.job
[2012/09/22 21:57:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/22 21:57:15 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/22 21:57:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/22 21:53:00 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/09/22 21:35:03 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\amy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/22 21:33:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/09/22 19:02:57 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\amy\Application Data\Microsoft\Internet Explorer\Quick Launch\WebVaccine.lnk
[2012/09/22 19:02:57 | 000,000,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WebVaccine.lnk
[2012/09/22 18:24:58 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\amy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/22 18:24:58 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/09/22 08:41:12 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\amy\Desktop\OTL.scr
[2012/09/21 21:26:55 | 119,091,200 | ---- | M] () -- C:\Documents and Settings\amy\Desktop\VIPRERescue13156.exe
[2012/09/21 16:19:20 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\amy\Desktop\xp_exe_fix.zip
[2012/09/21 16:06:22 | 005,077,368 | ---- | M] (ParetoLogic, Inc.) -- C:\Documents and Settings\amy\Desktop\RegCureProSetup_RW.bat
[2012/09/21 16:00:12 | 004,983,144 | ---- | M] (SpeedyPC Software) -- C:\Documents and Settings\amy\Desktop\SpeedyPC Pro Installer.com
[2012/09/21 15:47:21 | 004,983,144 | ---- | M] (SpeedyPC Software) -- C:\Documents and Settings\amy\Desktop\exerepair.bat
[2012/09/21 10:31:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\PC Optimizer Pro Updates.job
[2012/08/29 11:01:00 | 000,475,136 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/08/29 11:01:00 | 000,076,170 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/08/29 10:31:56 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\amy\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Optimizer Pro.lnk
[2012/08/29 10:31:56 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Optimizer Pro.lnk
[2012/08/28 14:30:49 | 000,001,759 | ---- | M] () -- C:\Documents and Settings\amy\Desktop\MapQuest.url
[2012/08/28 10:11:53 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\amy\Desktop\wrmdiscd.r (2).url
[2012/08/28 10:11:19 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\amy\Desktop\FleetOne.url
[2012/08/28 09:26:18 | 000,000,242 | ---- | M] () -- C:\Documents and Settings\amy\Desktop\Home - Welcome to CenturyLink Business.url
[2012/08/28 03:21:08 | 000,274,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/27 15:45:36 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\amy\Desktop\Hop Loads, Grain Hauling, Bulk Freight, Hopper Loads.url

========== Files Created - No Company Name ==========

[2012/09/22 19:02:57 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\amy\Application Data\Microsoft\Internet Explorer\Quick Launch\WebVaccine.lnk
[2012/09/22 19:02:57 | 000,000,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WebVaccine.lnk
[2012/09/22 18:24:58 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\amy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/22 18:24:58 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/09/22 18:24:58 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/09/21 21:26:51 | 119,091,200 | ---- | C] () -- C:\Documents and Settings\amy\Desktop\VIPRERescue13156.exe
[2012/09/21 16:19:20 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\amy\Desktop\xp_exe_fix.zip
[2012/08/29 10:35:22 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\PC Optimizer Pro Updates.job
[2012/08/29 10:35:22 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\PC Optimizer Pro startups.job
[2012/08/29 10:31:56 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\amy\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Optimizer Pro.lnk
[2012/08/29 10:31:56 | 000,000,768 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Optimizer Pro.lnk
[2012/08/28 14:30:48 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\amy\Desktop\MapQuest.url
[2012/08/28 10:11:53 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\amy\Desktop\wrmdiscd.r (2).url
[2012/08/28 10:11:19 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\amy\Desktop\FleetOne.url
[2012/08/27 15:45:36 | 000,000,217 | ---- | C] () -- C:\Documents and Settings\amy\Desktop\Hop Loads, Grain Hauling, Bulk Freight, Hopper Loads.url
[2012/08/27 15:45:20 | 000,000,242 | ---- | C] () -- C:\Documents and Settings\amy\Desktop\Home - Welcome to CenturyLink Business.url
[2012/08/27 15:36:49 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2012/06/16 16:54:40 | 000,002,956 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\profiles.xml
[2012/04/17 03:34:26 | 000,965,423 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-842925246-1417001333-1644491937-1003-0.dat
[2012/04/17 03:34:24 | 000,274,550 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/04/15 15:16:32 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/03/09 22:50:51 | 000,000,060 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2012/02/14 14:41:29 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/05 12:40:16 | 000,002,181 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\repository.xml
[2011/11/19 11:52:59 | 000,000,453 | ---- | C] () -- C:\Program Files\1119201110525990.bat
[2011/11/12 09:58:35 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011/11/12 09:52:49 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/11/12 09:51:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/09 15:12:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/11/09 15:06:40 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/11/09 10:00:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/11/09 09:59:47 | 000,274,168 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2012/07/17 18:39:00 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

========== LOP Check ==========

[2012/06/23 22:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\8floor
[2012/01/12 18:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar
[2012/04/29 05:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2011/11/11 21:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2012/07/07 19:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/12/10 10:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Casual Arts
[2012/03/25 08:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\casualArts
[2012/01/07 18:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cateia Games
[2011/12/11 18:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Colibri Games
[2012/01/21 17:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrioGames
[2012/06/10 16:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Crown
[2012/05/15 17:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eGames
[2012/07/01 18:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Farm Frenzy
[2011/12/11 01:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty
[2012/07/29 20:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
[2012/07/28 23:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2012/07/22 21:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_America
[2012/03/28 18:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Arctica
[2012/03/18 14:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Madagascar
[2012/05/28 20:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Russia
[2012/05/15 18:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy_Vikings
[2012/05/28 18:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fashion Solitaire 1.2
[2011/11/12 17:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2012/05/27 12:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2012/05/16 17:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GabCab
[2011/12/10 08:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2011/12/24 10:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gogii
[2012/03/11 11:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Green Clover Games
[2012/02/13 08:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Happy Artist Studio
[2012/07/23 07:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2012/08/19 09:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hot Lava Games
[2012/03/18 18:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2012/03/24 14:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Islands
[2011/11/11 20:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2012/06/15 19:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWinG
[2012/02/05 07:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2012/01/22 12:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kristanix Games
[2012/02/05 16:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maximize Games
[2012/04/21 10:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mean Hamster
[2012/03/18 12:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2012/08/06 18:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2012/03/29 03:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2012/06/23 20:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Namco
[2012/06/17 08:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nevosoft-Breeze
[2012/07/02 15:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
[2012/08/29 10:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
[2012/06/09 16:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2012/06/03 19:04:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2012/03/04 18:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PogoDGC
[2012/06/23 09:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Publisher
[2012/06/09 07:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PuzzlesByJoe
[2012/04/14 13:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RescueFrenzy
[2012/04/14 21:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\rionix
[2012/06/09 13:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2011/12/21 19:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2012/03/13 19:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpookyMall
[2011/12/10 19:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SugarGames
[2012/01/08 12:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
[2012/03/18 13:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperRanch
[2012/08/19 00:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/06/26 17:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ToyDefense
[2011/12/11 18:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualFarm2
[2012/04/28 21:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeatherLord
[2012/08/19 10:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2012/03/28 19:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2012/06/23 22:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\8floor
[2012/05/26 21:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\A2 Entertainment
[2012/02/12 21:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Aidem Media
[2012/04/12 15:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Alawar
[2012/01/09 08:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Alawar Entertainment
[2012/06/09 17:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Alawar Stargaze
[2012/07/21 07:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\aliasworlds
[2012/06/09 10:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Anuman
[2012/05/13 11:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Artifex Mundi
[2012/06/03 20:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Be a King 2
[2012/04/12 16:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Big Fish Games
[2012/02/22 19:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\bigwig_media
[2012/07/28 00:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\BlamGames
[2012/06/17 11:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Boomzap
[2011/12/22 19:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Brabl
[2011/11/12 12:12:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\BumpkinBrothers
[2011/12/11 18:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Casual Arts
[2012/03/25 08:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\casualArts
[2012/06/17 13:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\cerasus.media
[2011/12/17 15:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Colibri Games
[2012/06/10 01:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\CoronationStreetPC
[2012/06/10 16:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Crown
[2011/12/24 15:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\dekovir
[2012/05/17 17:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Dereza
[2011/12/04 00:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\DieselPuppet
[2012/04/12 15:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\DivoGames
[2011/12/19 20:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\DriverCure
[2012/05/15 17:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\eGames
[2011/11/12 22:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Elephant Games
[2012/03/18 12:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Enchanted Katya
[2011/11/14 19:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\FamilyVacationCalifornia
[2012/07/28 11:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\FarmFables
[2012/06/09 12:08:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\FirstColony
[2011/11/26 19:33:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Freeze Tag
[2012/03/24 14:33:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\freshgames
[2012/07/27 21:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Fugazo
[2012/03/24 22:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Gaijin Ent
[2011/12/10 19:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\GameCards
[2012/04/12 15:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\GameHouse
[2012/06/09 14:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\GameInvest
[2011/12/24 10:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\gogii
[2012/04/12 15:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Green Clover Games
[2012/02/13 08:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Happy Artist Studio
[2012/01/14 10:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Happy Chef
[2011/11/26 18:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\HdO Adventure
[2012/06/09 17:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\HipSoft
[2012/01/15 16:35:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\InImages
[2012/04/15 11:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Islands
[2012/04/11 07:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Islands2
[2011/12/22 19:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Islands3
[2012/07/29 00:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\iWin
[2012/06/15 19:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\iWinG
[2012/04/22 09:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\JoyBits
[2012/05/26 10:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Jumb-O-Fun Games
[2012/05/12 14:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\LegacyGames
[2012/04/22 16:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\MagicIndie
[2012/02/05 16:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Maximize Games
[2012/04/21 10:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Mean Hamster
[2012/06/16 21:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Meridian93
[2011/12/17 15:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\MumboJumbo
[2011/11/12 16:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Mysteryville2
[2012/06/23 20:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Namco
[2012/03/28 19:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\NevoSoft Games
[2012/06/17 08:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Nevosoft-Breeze
[2011/11/19 10:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Oberon Media
[2012/01/15 17:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\PathToSuccess
[2011/11/15 18:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Peace Craft
[2011/11/16 17:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\PeaceCraft2
[2011/11/12 16:38:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\PetRush
[2012/04/21 14:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Ph03nixNewMedia
[2012/07/07 21:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Pirateville
[2012/06/09 16:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\PlayFirst
[2012/04/12 15:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\playmink
[2012/06/03 17:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Playrix Entertainment
[2012/06/23 09:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Publisher
[2012/07/04 21:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Rainbow
[2012/04/12 15:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\RunningPillow
[2012/04/12 15:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Sahmon Games
[2011/12/03 13:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\Scholastic
[2012/07/07 19:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\searchquband
[2012/07/07 19:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\searchqutoolbar
[2011/12/12 15:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\SMIGames
[2011/12/19 20:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\SpeedyPC Software
[2012/02/04 15:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\SpinTop Games
[2012/06/09 10:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\SulusGames
[2012/06/10 18:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\TheMissingMonaLisa
[2012/04/12 15:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\VendelGAMES
[2011/12/31 08:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\ViquaSoft
[2012/04/28 21:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\WeatherLord
[2012/04/12 15:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\WendigoStudios
[2012/08/19 10:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\WildTangent
[2012/04/12 15:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\World-Loom
[2012/07/11 19:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\YoudaGames
[2012/02/05 12:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\amy\Application Data\ZiggyTV

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 248 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C12CFCD
@Alternate Data Stream - 240 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C4A588B
@Alternate Data Stream - 234 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61A065F2
@Alternate Data Stream - 232 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF07EA98
@Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CDB9CA3
@Alternate Data Stream - 226 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FF9C44FE
@Alternate Data Stream - 221 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BBF60A29
@Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1713795
@Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CA0CE093
@Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F943019
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CA99FD89
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8140CB50
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80B291A7
@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C1EFEB8
@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77D98D08
@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:03D08225
@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E3E060F
@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68EF6203
@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:461BD06D
@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45C55624
@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94F67F32
@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C5EC3CD
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B9E79B3
@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E412AAF2
@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0FEE2B
@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F96D8E6
@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F141B68
@Alternate Data Stream - 206 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A8F8A0C
@Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D7DA89B1
@Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A56D6987
@Alternate Data Stream - 199 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10D98D98
@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E73B14E2
@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55E1514E
@Alternate Data Stream - 195 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE6885F1
@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9ACB70D7
@Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:538B96B5
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D987CB43
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:195E8317
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:391535F9
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78696BCD
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A039EDF9
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5BA9ADD
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE3ABE3D
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE0A077E
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8A99299
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B86642C5
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81F54BD5
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5506D17E
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F3591DDB
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E153075C
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAF8DAC8
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AE289451
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04A18F36
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BAC56E61
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D03192E
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EE52088
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48F5C64F
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3A4C8FE7
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2502B755
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05582920
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0483BBEB
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E56E607B
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7EC636E9
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:013CE219
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42390E15
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38FF076E
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D33169E5
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7D288858
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:744022A1
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68198EE3
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1EA18A7D
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1E2D49E0
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E61938B
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E5CFA74
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FFCB5A35
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F67947AF
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFF71B94
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:751D6870
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71380EB5
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C1FEFDE
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C21784C
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7FFE8AF
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F43B7E8F
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E4E56EA
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:73879882
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:415F73A0
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:35629AE6
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:138A0A84
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6A94369
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0848D16
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA3E37DC
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9B27A06
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6423D635
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56A74E89
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E22C5DB
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD2588B7
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35AE645
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8F9D810
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC1F7CAE
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB718C46
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B8D7701E
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B1AE40C
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44E16D4A
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BE982EA
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CA4FAE31
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C82210DD
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2B3764A
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:756A3FF0
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6A9CF5CA
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CB541C4
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E031F3E0
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C458CC0A
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B64798F2
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6B07419
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1A86E40
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:466FA8C3
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2DF73BE4
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8059174
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99AC3203
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E7180F4
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:274516E7
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:242E63C5
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3A82449
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C43C957E
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B6C1A5F4
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E7BFD87
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C201DEB
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF71CAB5
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6537A16
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6EC5C2A
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BADF2274
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1E64E47
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A13B1B25
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95C6C67C
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80D975A5
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27D3515D
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B7C7BAE
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:084612C9
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D453E38B
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D36E068F
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AC20936
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:74B9EA7F
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:479B1CF9
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F0E52E4F
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0553E73
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D01ACC06
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:73B78E79
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C4BD225
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13893338
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF19F127
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D6CBEC5B
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2397415
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0AB0B4A
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA24E689
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B36361EE
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1128200
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6DDFD746
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3EB6E559
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BC173E4
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:36EEEDAC
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2636DE16
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24FFE96C
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:206470A5
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A53FC92
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD9FFC08
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D4E54A89
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3606FCC
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9C7A32BB
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BE4216C
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CBAB74CB
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F740FCB
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FCC54B7
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:28819F45
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2216A431
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:063969F8
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FBA79096
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F2327E82
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA7D76BE
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B722BCE5
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AEABFEC4
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:902C848D
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6DDD2723
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7425C891
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B09C4D9
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:517EFA90
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D4041D5
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29C0641D
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02A78DF6
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BAFAD1DF
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:597254A1
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1AC0C8F5
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB42AC3C
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:351730E8
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2193E86E
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB79FDF8
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C30487EE
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9F50A55A
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:796EE7C8
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57619D72
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0913157
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CED8825
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E21413B8
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0A09032
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC8F261A
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC0528D9
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB422E00
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9ABA3FF
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9BE587B9
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:716BF8D6
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:14F07CC4
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F164CEA1
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD95E6D9
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADD788AD
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9339169
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:65621319
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56F368C9
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:831C6B2D
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2D4B33E
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:966CEAE7
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95079543
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BF0805F
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16B49C20
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15752405
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3A6CA11
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AB2162E

< End of report >
  • 0

#14
Essexboy
Posted 23 September 2012 - 04:52 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The initial command was just to reset the bat file and once that was done it was then just a matter of using Doug Knox's batch file which is just a total list of XP associations and the default values.. Purely to save typing them in one at a time (very tedious to do ). Nad he has a lot of small files like that on his site which remove the tedium from manually inputing the commands

There is an OTL tutorial on site, but use with caution as it can ruin your day


How is the computer behaving now ?
  • 0

#15
Audaciter
Posted 23 September 2012 - 06:59 AM

Audaciter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I had already read the OTL tutorial a couple of times. I think that was why I was taking so long that I was kicked out of geek U. :)
So do you have any idea what this infection was?

The computer seems to be running fine. Thank you again for your help.
  • 0
Back to Can't Run Any Antivirus or Malware Removal Programs · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Can't Run Any Antivirus or Malware Removal Programs

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP