My issues began a while back (probably about 2 years ago.) I had just had my PC cleaned and it had been running smoothly for some months. I went out of town and left my nephew to house-sit. When I came back, my computer was infested with all kinds of stuff from whatever horrible websites him and his friends had been going on, but I can't remember exactly what all of it was. My anti-virus (Comodo at the time) would not work properly and neither would Malwarebytes or anything else I tried to use. Eventually I got the problem under control and everything went back to normal. . .or, almost to normal, things never got back to 100%
Every now and then something strange would happen- icons would disappear from the desktop and start menu items would disappear, files would also disappear. Some things that I swore I deleted would reappear, only extremely corrupt and unusable. My wordperfect became so corrupt that I ended up having to reinstall it. I would run scans and once in a while something would be picked up, but, for the most part, it was never anything that seemed too bad. Yet, the problems persisted. . . Because I had gotten a new computer and rarely used this one (this one was reserved for games for the most part) I just never pursued anything beyond running regular scans. I kept putting off coming to a forum for help because I truly believed if it were something that bad, one of the scans would have surely found it by now. . .and, to be honest, I wrote myself off as crazy until someone else noticed start menu items disappearing a few months ago. Within the last few months some new things have popped up, and I've just finally decided to get some help with getting to the bottom of it all.
Probably about 6 months ago the search engine redirecting began. Any link I clicked would take me somewhere else. I knew this was a problem, but no scan would pick anything up. There are also times when my computer will rev up and freeze. The fan begins going extremely fast and the computer begins heating up, I have to manually shut it down because I'm afraid something is going to get damaged. This has happened both when the computer was in use and when it was supposed to be in hibernate mode. Although technically I am the Administrator for the computer, whenever I try to run a program as administrator, it asks for a password. I have never password protected anything. I wrote this off as a prank, but I have yet to find anyone to admit to it (this is a home computer and there are only a handful of people who would have had access to it to do that)so I am including it here. It has also begun running very slow. Programs are slow to open and to close, videos won't play correctly, and games which have previously worked fine are beginning to lag to the point of being unplayable.
The past few months I have run every scan I can think of- Avast!, Kaspersky, Ad-aware,Malwarebytes, SuperAntiSpyware, Spybot Search and Destroy,TDSSKiller, and probably some more that I can't remember. I know there was one rootkit program I used at one point that also didn't find anything. The Avast! Scans are run regularly and have never picked up that much (if anything) until the other day. It was actually the most productive scan I've had since my problems began. During a boot scan it picked up several Java:Agents and Java:CVE-2012, as well as a few Java:Malware-gen.
While all of the scans above may have found something here and there (usually they find nothing), it was always something different and even after their removal, the redirect persisted. After removing all of the things found in the last scan, there was no improvement in the new problems (the lagging and revving) either.
Here is my OTL scan: (I hope I've done all of this right, sorry if I've forgotten something)
OTL logfile created on: 10/15/2012 4:47:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Steven Wilkins\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.25 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 78.41% Memory free
6.34 Gb Paging File | 5.72 Gb Available in Paging File | 90.22% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 53.95 Gb Free Space | 37.39% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Computer Name: WILKINS | User Name: Steven Wilkins | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/10/15 16:23:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steven Wilkins\My Documents\Downloads\OTL.exe
PRC - [2012/10/15 16:00:27 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\Steven Wilkins\Local Settings\temp\clclean.0001
PRC - [2012/10/10 05:06:17 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/08/21 04:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/06/14 17:00:04 | 030,705,792 | ---- | M] (Gemalto N.V.) -- C:\Documents and Settings\Steven Wilkins\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe
PRC - [2012/05/09 11:53:46 | 000,201,112 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010/02/14 12:31:12 | 000,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2009/11/04 18:20:14 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2008/07/13 10:53:04 | 000,002,560 | ---- | M] () -- C:\WINDOWS\Runservice.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2005/10/24 10:26:34 | 000,479,232 | ---- | M] () -- C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
PRC - [2005/10/24 10:26:00 | 000,262,144 | ---- | M] () -- C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
PRC - [2005/10/05 03:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/15 09:47:22 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/06/17 07:56:14 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2005/06/17 07:55:58 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2005/03/22 17:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2004/12/02 18:23:34 | 000,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
========== Modules (No Company Name) ==========
MOD - [2012/10/15 16:00:27 | 000,697,884 | ---- | M] () -- C:\Documents and Settings\Steven Wilkins\Local Settings\temp\clclean.0001.dir.0001\~df394b.tmp
MOD - [2012/10/15 14:20:12 | 001,816,576 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12101501\algo.dll
MOD - [2012/10/15 02:34:53 | 001,816,576 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12101500\algo.dll
MOD - [2012/10/10 05:06:15 | 000,460,312 | ---- | M] () -- C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll
MOD - [2012/10/10 05:06:13 | 012,435,992 | ---- | M] () -- C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
MOD - [2012/10/10 05:06:12 | 004,005,912 | ---- | M] () -- C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\pdf.dll
MOD - [2012/10/10 05:04:44 | 000,156,712 | ---- | M] () -- C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
MOD - [2012/10/10 05:04:43 | 000,275,496 | ---- | M] () -- C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
MOD - [2012/10/10 05:04:42 | 002,168,360 | ---- | M] () -- C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
MOD - [2012/02/14 18:37:52 | 011,796,096 | ---- | M] () -- C:\Documents and Settings\Steven Wilkins\Application Data\SanDisk\My Vaults\dmBackup.dll
MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/10/14 18:38:00 | 000,456,192 | ---- | M] () -- C:\WINDOWS\system32\encdec.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/07/13 10:53:04 | 000,048,640 | ---- | M] () -- C:\WINDOWS\mmfs.dll
MOD - [2008/07/13 10:53:04 | 000,002,560 | ---- | M] () -- C:\WINDOWS\Runservice.exe
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
MOD - [2005/10/24 10:26:34 | 000,479,232 | ---- | M] () -- C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
MOD - [2005/10/24 10:26:00 | 000,262,144 | ---- | M] () -- C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
MOD - [2005/10/05 03:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
MOD - [2005/08/05 14:01:54 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\VBICodec.ax
MOD - [2005/08/05 13:06:50 | 000,165,376 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2005/05/19 01:54:00 | 001,345,520 | ---- | M] () -- C:\WINDOWS\system32\CTMBHA.DLL
========== Services (SafeList) ==========
SRV - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/02/14 12:31:12 | 000,069,632 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2008/07/13 10:53:04 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\WINDOWS\Runservice.exe -- (LicCtrlService)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2005/10/24 10:26:34 | 000,479,232 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe -- (ppped)
SRV - [2005/06/17 07:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\idfda.sys -- (stlntbm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\samhid.sys -- (samhid)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\CamDrL21.sys -- (PhilCam8116)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\STEVEN~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ACEDRV05.sys -- (ACEDRV05)
DRV - [2012/08/21 04:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 04:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 04:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 04:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/08/21 04:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/08/21 04:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/08/21 04:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/12/03 04:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2010/05/17 17:48:27 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/05/17 17:48:27 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/04/13 13:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 13:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2007/12/04 18:10:30 | 000,016,640 | R--- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/06/18 21:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/02/03 10:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/02/03 10:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL)
DRV - [2006/06/12 23:34:06 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/01/03 19:58:00 | 000,269,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinavrr.sys -- (ATIAVPCI)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/06/06 14:40:48 | 000,180,736 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/05/25 15:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTUSFSYN.SYS -- (CTUSFSYN)
DRV - [2005/03/25 09:11:00 | 001,350,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sigfilt.sys -- (sigfilt)
DRV - [2005/01/10 17:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k)
DRV - [2005/01/10 17:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTOSS2K.SYS -- (ossrv)
DRV - [2004/12/22 18:58:00 | 000,008,704 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co...-inc&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co...-inc&channel=us
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...hromesbox-en-us
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://startpage.com/?r=4954
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 12 36 8A 67 1D 9A CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...4A-8E7EB5B96605
IE - HKCU\..\SearchScopes\{30236502-82DA-41BB-80C8-EE647ADBC1CA}: "URL" = http://www.google.co...&rlz=1I7SKPB_en
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://safesearchr.l...q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{77334694-cf9e-485e-a8ac-bfdfbffd5cc6}: "URL" = http://slirsredirect...hromesbox-en-us
IE - HKCU\..\SearchScopes\{CC13C2C9-A0F0-4080-8B01-ED18FB0CF7AD}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.170_0\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll File not found
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
[2010/02/18 14:35:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Steven Wilkins\Application Data\Mozilla\Extensions
[2009/12/20 15:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Steven Wilkins\Application Data\Mozilla\Extensions\[email protected]
[2009/04/09 15:14:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Steven Wilkins\Application Data\Mozilla\Extensions\[email protected]
========== Chrome ==========
CHR - homepage: https://www.startpage.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: https://www.startpage.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.170_0\npsoe.dll
CHR - plugin: Chrome IE Tab (Enabled) = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\3.5.14.1_0\plugin/blackfishietab.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: IE Tab = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\3.10.10.1_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Gmail = C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/10/15 15:58:48 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe ()
O4 - HKCU..\Run: [SanDiskSecureAccess_Manager.exe] C:\Documents and Settings\Steven Wilkins\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
O4 - HKCU..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKLM..\RunOnce: [WIAWizardMenu] C:\WINDOWS\System32\sti_ci.dll (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Steven Wilkins\Start Menu\Programs\Startup\Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster Express\pmremind.exe (Broderbund Properties LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: neopets.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.to...8.33/ttinst.cab (Toontown Installer ActiveX Control)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.209.36 97.64.168.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5737A7E9-56A7-4718-9365-AE58EE28AB21}: DhcpNameServer = 97.64.209.36 97.64.168.13
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Steven Wilkins\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Steven Wilkins\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (C:\WINDOWS\system32\ijebmevd.exe C:\WINDOWS\system32\ijebmevd.exe:changelist)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/10/15 16:04:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steven Wilkins\Desktop\GooredFix Backups
[2012/10/15 15:58:46 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/10/15 15:43:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/15 15:43:44 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/10/15 15:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/12 17:27:22 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Steven Wilkins\Desktop\TDSSKiller.exe
[2012/10/11 20:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\Google
========== Files - Modified Within 30 Days ==========
[2012/10/15 16:37:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/15 16:20:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-68032846-1058140136-4283777642-1005UA.job
[2012/10/15 16:01:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/15 16:01:14 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/10/15 16:00:31 | 000,000,849 | -HS- | M] () -- C:\WINDOWS\System32\mmf.sys
[2012/10/15 16:00:26 | 000,029,204 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/10/15 16:00:24 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/15 16:00:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/15 16:00:12 | 3487,731,712 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/15 15:58:48 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/10/15 15:43:47 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/15 08:00:00 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2012/10/15 01:20:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-68032846-1058140136-4283777642-1005Core.job
[2012/10/12 17:27:22 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Steven Wilkins\Desktop\TDSSKiller.exe
[2012/10/11 18:30:45 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/10/10 21:23:25 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\Steven Wilkins\Desktop\Google Chrome.lnk
[2012/10/10 21:23:25 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\Steven Wilkins\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/10 18:00:56 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/10/03 19:22:44 | 000,006,268 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2012/10/03 19:22:44 | 000,000,056 | RHS- | M] () -- C:\WINDOWS\System32\4326BF1B47.sys
========== Files Created - No Company Name ==========
[2012/10/15 15:43:47 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/11 20:27:33 | 000,000,902 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/11 20:27:33 | 000,000,898 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/11 18:30:45 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/08/06 17:24:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/08/06 17:24:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/08/06 17:24:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/06/14 16:57:46 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\Application Data\.backup.dm
[2011/10/04 16:31:24 | 000,001,676 | ---- | C] () -- C:\WINDOWS\System32\.ini
[2011/06/24 17:07:17 | 000,018,578 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4km8r11bfh1yqvl25a72
[2011/06/24 17:07:16 | 000,018,578 | -HS- | C] () -- C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\4km8r11bfh1yqvl25a72
[2011/04/15 21:02:37 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/15 21:02:37 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/02/01 10:36:42 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2010/11/30 09:02:27 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\housecall.guid.cache
[2010/10/16 10:06:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\jagex_runescape_preferences.dat
[2010/07/08 21:29:43 | 000,012,860 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\.recently-used.xbel
[2009/11/09 16:20:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\prvlcl.dat
[2009/02/02 19:01:53 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/01/19 17:14:01 | 000,000,464 | RHS- | C] () -- C:\Documents and Settings\Steven Wilkins\ntuser.pol
[2008/06/24 21:12:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\core
[2008/02/27 14:28:36 | 000,003,740 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\Application Data\mindhabits.dat
[2006/06/25 16:02:46 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\Application Data\dvd.bmk
[2006/06/21 00:04:09 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/19 15:22:53 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\Application Data\PFP120JPR.{PB
[2006/06/19 15:22:53 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\Application Data\PFP120JCM.{PB
[2006/06/16 21:25:14 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\Application Data\$_hpcst$.hpc
[2006/06/14 21:28:20 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Steven Wilkins\Local Settings\Application Data\fusioncache.dat
========== ZeroAccess Check ==========
[2005/08/16 04:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2010/03/24 14:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Absolutist
[2012/09/24 06:52:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2011/10/04 16:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/01/24 13:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/03/09 15:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
[2010/02/14 20:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOINC
[2012/07/11 12:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2012/07/16 11:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Colibri Games
[2010/06/15 12:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2010/06/15 12:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/03/22 18:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2010/01/16 22:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GamersDigital
[2008/06/16 16:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2010/05/01 17:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Happyville__
[2009/04/07 18:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2010/03/06 16:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Islands
[2008/06/29 12:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2006/06/15 15:30:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MakeMusic
[2009/04/23 11:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/10/02 17:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OptiTex
[2008/12/30 21:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/05/24 15:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2008/10/07 17:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\StarPlay
[2012/07/27 20:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup
[2009/12/20 15:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/01/14 20:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/12/10 19:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/04/30 18:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/11 19:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\1morebee
[2010/03/24 14:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Absolutist
[2010/01/09 23:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\acccore
[2012/05/29 13:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Ad-Aware Antivirus
[2012/05/31 17:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\adawaretb
[2009/11/28 17:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Alawar
[2008/10/05 19:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\AlterLab
[2008/10/09 18:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Amaranth Games
[2009/01/12 20:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Ashtons. Family Resort
[2010/03/31 12:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Aveyond 3
[2008/10/23 16:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Aveyond II
[2008/08/08 17:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Beanbag Studios
[2010/05/07 15:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Big Fish Games
[2009/03/09 15:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\blg
[2009/03/16 13:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Boolat Games
[2010/02/23 12:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Boomzap
[2009/06/24 20:33:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Camel101
[2009/08/17 15:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\CasualForge
[2008/10/12 14:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\cerasus.media
[2009/09/01 20:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Chicken Chase
[2012/07/16 11:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Colibri Games
[2009/08/10 14:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\CupcakeCafe
[2009/03/05 16:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\EleFun Games
[2009/12/09 18:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\ElementalsTheMagicKey
[2008/07/17 23:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\ElevatedDiagnostics
[2009/05/19 21:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Enchanted Katya
[2009/11/07 19:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\ERS G-Studio
[2009/01/12 15:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Fabulous Finds
[2009/08/29 20:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\FarmerJane
[2009/05/24 14:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Flood Light Games
[2008/08/16 13:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\FloodLightGames
[2009/01/16 13:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\ForgottenRiddles2
[2010/05/27 17:02:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\freshgames
[2008/08/08 19:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Friday's games
[2008/06/21 15:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Gaijin Ent
[2008/08/25 14:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Gamelab
[2010/01/16 22:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\GamersDigital
[2008/12/12 22:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Games
[2009/08/29 17:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\GraveyardShift
[2009/12/23 13:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\gtk-2.0
[2008/05/19 18:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Home Sweet Home
[2008/12/17 19:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Home Sweet Home 2
[2008/12/24 14:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Home Sweet Home Christmas
[2010/07/12 19:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\HotSync
[2008/04/18 17:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Image Zone Express
[2008/10/06 12:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\ITTNord
[2009/02/26 21:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\iWin
[2009/08/23 03:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Kernel for Outlook
[2006/06/17 19:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Leadertech
[2008/06/29 12:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Ludia
[2010/05/11 11:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Mean Hamster
[2009/08/29 18:48:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\MegaplexMadnessSummerBlockbuster
[2009/08/06 17:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Meridian93
[2010/03/18 17:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Merscom
[2008/02/04 17:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\MSNInstaller
[2009/02/10 15:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\My Games
[2008/06/22 12:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\MysteryStudio
[2009/04/24 17:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\NCH Swift Sound
[2008/03/13 21:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Oberon
[2008/01/26 20:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Oberon Games
[2009/04/24 21:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Oberonv1002
[2009/06/03 20:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\panoramik
[2009/08/24 15:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Peace Craft
[2009/06/26 20:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\PetRush
[2010/03/27 21:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\PlayFirst
[2009/12/11 17:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Playrix Entertainment
[2009/02/14 21:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Pogo Games
[2008/02/25 21:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Printer Info Cache
[2011/05/03 09:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\QuickScan
[2009/04/23 11:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Recordpad
[2009/01/23 17:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\RegistryDefense
[2010/02/14 21:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Research In Motion
[2012/10/15 12:58:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\SanDisk
[2012/06/14 17:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\SanDisk SecureAccess
[2008/10/23 16:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Sandlot Games
[2009/09/25 20:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Sanna
[2009/01/14 11:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\SecondLife
[2010/03/16 15:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\ShinyTales
[2012/06/19 17:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Sony Online Entertainment
[2008/06/28 10:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\SoundSpectrum
[2008/10/14 12:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\SulusGames
[2008/02/27 14:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\TheScruffs
[2009/05/07 21:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\TikGames
[2009/12/20 15:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\TomTom
[2009/06/26 18:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\UClick
[2010/05/24 11:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Unity
[2008/07/09 20:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\ViquaSoft
[2009/12/23 18:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Virtual City
[2010/07/15 19:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\Windows Search
[2009/02/13 15:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\World-LooM
[2009/08/11 18:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steven Wilkins\Application Data\YoudaGames
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\Leslieghost.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\CFlog.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7702.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7701.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7700.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7699.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7698.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7696.MOV:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7695.MOV:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7694.MOV:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7693.MOV:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7692.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7691.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7690.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7689.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7686.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7685.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7683.MOV:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7682.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7681.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7680.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7679.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7678.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7677.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7676.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7675.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7674.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7673.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7672.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7671.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7670.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7669.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7668.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7667.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7666.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7665.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7664.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7663.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7662.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7661.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7660.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7657.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7656.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7655.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7654.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7653.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7652.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7651.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7650.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7649.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7648.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7647.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7646.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7645.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7644.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7643.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7642.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7641.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7640.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7639.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7633.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7632.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7631.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7630.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7629.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7628.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7627.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7626.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7625.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7624.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7623.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7622.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7621.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7620.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7619.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7618.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7617.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7616.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7615.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7614.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7613.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7612.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7611.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7610.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7609.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7607.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7606.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7601.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7594.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7593.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7588.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7587.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7586.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7585.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7584.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7583.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7582.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7581.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7580.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7579.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7578.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7577.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7576.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7575.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7574.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7573.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7572.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7571.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7570.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7569.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7568.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7567.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7566.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7565.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7564.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7563.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7562.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7561.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7560.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7559.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7558.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7557.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7556.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7552.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7551.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7550.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7549.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7548.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7547.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_7546.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_6672.MOV:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_5484.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_5483.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_5478.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_5472.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_5459.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_5443.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_1625.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_1595.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_1565.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_1559.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_1556.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_1530.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_1510.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_1496.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_1486.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven Wilkins\My Documents\100_1472.JPG:Roxio EMC Stream
@Alternate Data Stream - 120 bytes -> C:\WINDOWS\System32\rriitcnq.exe:changelist
@Alternate Data Stream - 120 bytes -> C:\WINDOWS\System32\rijakmlv.exe:changelist
@Alternate Data Stream - 120 bytes -> C:\WINDOWS\System32\gpkevxqy.exe:changelist
< End of report >