Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Windows Installer po up message - virtumonde?

  1. #1
    Member
    Join Date
    Feb 2009
    Posts
    42

    Default Windows Installer po up message - virtumonde?

    A "Windows Installer" pop up message which just says "installing ..." is repeatedly appearing on screen. The computer doesn't seem to actually be installing anything. There is a "cancel" button which I can click and it does after a minute or so close the box.

    Before this began happening, the computer had been slowing to a crawl (something running constantly in background). I did a system restore, spy bot S&D found a Virtumonde which it removed, and I also ran McAfee virtual technician, which had me install an updated engine.

    I'm wondering if some registry or other changes were made.

    Thank you for any assistance.

    DDS report for above:


    DDS (Ver_10-10-10.03) - NTFSx86
    Run by James Collins at 14:23:35.95 on Sat 10/16/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
    AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============


    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://my.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = <local>;*.local
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: D-Link Toolbar Search Class: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - c:\program files\d-link toolbar\dlinktb.dll
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    mURLSearchHooks: D-Link Toolbar Search Class: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - c:\program files\d-link toolbar\dlinktb.dll
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100915080541.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: D-Link Toolbar Loader: {f01858c7-2a68-4d93-9e22-502eae3917c2} - c:\program files\d-link toolbar\dlinktb.dll
    TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: D-Link Toolbar: {61874dfa-9adf-44e5-8e61-f3913707e7d7} - c:\program files\d-link toolbar\dlinktb.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
    mRun: [Easy Dock] c:\documents and settings\james collins\my documents\rca easyrip\EZDock.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuiKProtect] c:\program files\iomega\quikprotect\StartQuikProtect.exe
    mRun: [RetroExpress] c:\progra~1\retros~1\retros~1.5\RetroExpress.exe /h
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [TimeSink Ad Client] "c:\program files\timesink\adgateway\TSAdBot.exe"
    StartupFolder: c:\documents and settings\james collins\start menu\programs\startup\PowerReg Scheduler V3.exe
    StartupFolder: c:\documents and settings\james collins\start menu\programs\startup\PowerReg Scheduler.exe
    StartupFolder: c:\docume~1\jamesc~1\startm~1\programs\startup\rcadet~1.lnk - c:\documents and settings\james collins\my documents\rca detective\RCADetective.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List
    IE: Easy-WebPrint High Speed Print
    IE: Easy-WebPrint Preview
    IE: Easy-WebPrint Print
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: eastersealsnh.org
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: mcafee.com\us
    Trusted Zone: microsoft.com\www.update
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
    DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v5.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228396190359
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} - hxxp://cdn1.acclaimdownloads.com/solidstateion.cab
    DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\jamesc~1\applic~1\mozilla\firefox\profiles\c6yuu406.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1641676&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
    FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\documents and settings\james collins\application data\mozilla\firefox\profiles\c6yuu406.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
    FF - plugin: c:\documents and settings\james collins\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
    FF - plugin: c:\program files\sony\media go\npmediago.dll
    FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    ============= SERVICES / DRIVERS ===============


    =============== Created Last 30 ================

    2010-10-12 19:34:49 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-12 19:34:48 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-12 19:34:38 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2010-10-11 00:06:55 -------- d-----w- c:\docume~1\jamesc~1\locals~1\applic~1\Microsoft Help
    2010-10-10 00:34:14 -------- d-----w- c:\program files\Spawn
    2010-10-10 00:03:02 2829 ----a-w- c:\windows\DiabUnin.pif
    2010-10-10 00:03:02 118784 ----a-w- c:\windows\DiabUnin.exe
    2010-10-09 03:51:31 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2010-10-09 03:51:31 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-10-09 03:51:16 -------- d-----w- c:\program files\Microsoft ActiveSync
    2010-10-09 03:51:16 -------- d-----w- c:\program files\common files\L&H
    2010-10-09 03:03:18 5450 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2010-10-08 00:45:50 -------- d-----w- c:\documents and settings\all users\Microsoft
    2010-10-08 00:44:19 364607 ----a-w- c:\program files\common files\microsoft shared\ink\SKCHUI.DLL
    2010-10-08 00:44:18 46432 ----a-w- c:\program files\common files\microsoft shared\office11\MSOXMLMF.DLL
    2010-10-08 00:39:41 -------- d-----w- c:\program files\Microsoft Analysis Services
    2010-10-06 00:34:41 -------- d-----w- c:\program files\D-Link Toolbar
    2010-10-06 00:34:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\D-Link Toolbar
    2010-10-06 00:34:34 -------- d-----w- c:\program files\common files\Software Update Utility
    2010-10-05 23:49:55 -------- d-----w- c:\docume~1\jamesc~1\applic~1\VirtualStore
    2010-10-02 19:16:40 -------- d-----w- C:\Atari2600
    2010-10-02 16:03:20 -------- d-----w- c:\program files\Crimson Editor
    2010-10-02 00:27:05 -------- d-----w- c:\docume~1\jamesc~1\applic~1\Stella
    2010-09-22 22:10:52 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2010-09-22 22:10:52 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    2010-09-22 00:39:37 -------- d-----w- c:\docume~1\jamesc~1\applic~1\McAfee
    2010-09-21 21:55:31 -------- d-----w- c:\program files\Sony Media Go Install
    2010-09-19 13:53:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\RetroExp
    2010-09-19 13:52:59 -------- d-----w- c:\program files\Retrospect
    2010-09-19 13:25:31 19384 ----a-r- c:\windows\system32\drivers\QsFsFltr.sys
    2010-09-19 13:25:21 -------- d-----w- c:\program files\Iomega

    ==================== Find3M ====================

    2010-10-15 22:36:15 235248 -c--a-w- c:\windows\system32\PnkBstrB.xtr
    2010-10-15 22:36:15 235248 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ------w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-03 00:17:53 444952 ----a-w- c:\windows\system32\wrap_oal.dll
    2010-09-03 00:17:53 109080 ----a-w- c:\windows\system32\OpenAL32.dll
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-27 00:49:48 2373712 ----a-w- c:\windows\system32\pbsvc.exe
    2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12:04 617472 ------w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-07-20 22:51:36 1874384736 ----a-w- c:\program files\MSSetupv87.exe
    2009-10-30 16:56:29 85504 ----a-w- c:\program files\Inherit.exe
    2008-03-15 13:58:28 774144 -c--a-w- c:\program files\RngInterstitial.dll

    ============= FINISH: 14:25:31.89 ===============
    Attached Files Attached Files
    Last edited by Blade81; 2010-10-16 at 23:25. Reason: Two posts merged. Helpers look for topics with 0 replies.

  2. #2
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    14,820

    Default




    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

    TimeSink Ad Client
    <--Did you knowingly install this program, it looks like it could cause problems


    Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish it's job
    • Once its finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean





    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected .
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report please
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Member
    Join Date
    Feb 2009
    Posts
    42

    Default

    Here is log. Thank you for your assistance.



    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4922

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    10/23/2010 12:31:07 AM
    mbam-log-2010-10-23 (00-31-07).txt

    Scan type: Quick scan
    Objects scanned: 155533
    Time elapsed: 12 minute(s), 36 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\timesink ad client (AdWare.Cydoor) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  4. #4
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    14,820

    Default

    Looks like that was the culprit. Please answer any questions I ask as it helps me with the diagnosis of your system.

    Run this program , it will show a bit more of whats going on


    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click on Minimal Output at the top
    • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
    • Double click inside the Custom Scan box at the bottom
    • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
    • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
    • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #5
    Member
    Join Date
    Feb 2009
    Posts
    42

    Default Extras scan log

    OTL Extras logfile created on: 10/23/2010 8:48:05 AM - Run 1
    OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\James Collins\My Documents\Downloads
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 228.13 Gb Total Space | 154.86 Gb Free Space | 67.88% Space Free | Partition Type: NTFS
    Drive I: | 931.51 Gb Total Space | 711.68 Gb Free Space | 76.40% Space Free | Partition Type: NTFS

    Computer Name: D9Q76YB1 | User Name: James Collins | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OtsMedia.Surf] -- "C:\OtsLabs\OTSPLAY.EXE" "%1" /play /surf File not found
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "56961:TCP" = 56961:TCP:*:Enabled:Pando Media Booster
    "56961:UDP" = 56961:UDP:*:Enabled:Pando Media Booster
    "58465:TCP" = 58465:TCP:*:Enabled:Pando Media Booster
    "58465:UDP" = 58465:UDP:*:Enabled:Pando Media Booster

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "9842:TCP" = 9842:TCP:*:Disabled:SolidNetworkManager
    "9842:UDP" = 9842:UDP:*:Disabled:SolidNetworkManager
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "56767:TCP" = 56767:TCP:*:Enabled:Pando Media Booster
    "56767:UDP" = 56767:UDP:*:Enabled:Pando Media Booster
    "56961:TCP" = 56961:TCP:*:Enabled:Pando Media Booster
    "56961:UDP" = 56961:UDP:*:Enabled:Pando Media Booster
    "58465:TCP" = 58465:TCP:*:Enabled:Pando Media Booster
    "58465:UDP" = 58465:UDP:*:Enabled:Pando Media Booster
    "1037:TCP" = 1037:TCP:*:Enabled:Akamai NetSession Interface
    "5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
    "C:\Program Files\NCsoft\Exteel\System\Exteel.exe" = C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- File not found
    "%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
    "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
    "C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe" = C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe:*:Enabled:mcproxy -- File not found
    "C:\Program Files\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe" = C:\Program Files\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe:*:Disabled:BattlefrontII -- File not found
    "C:\Program Files\McAfee\MSK\MskSrver.exe" = C:\Program Files\McAfee\MSK\MskSrver.exe:*:Enabled:MskSrver -- File not found
    "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" = C:\Program Files\Dell Support Center\bin\sprtcmd.exe:*:Enabled:sprtcmd -- (SupportSoft, Inc.)
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
    "C:\Program Files\Steam\steamapps\common\hexen 2\glh2.exe" = C:\Program Files\Steam\steamapps\common\hexen 2\glh2.exe:*:Enabled:Hexen 2 -- File not found
    "C:\Program Files\Steam\steamapps\common\osmos igf demo\OsmosDemo.exe" = C:\Program Files\Steam\steamapps\common\osmos igf demo\OsmosDemo.exe:*:Enabled:Osmos IGF Demo -- File not found
    "C:\Program Files\Steam\steamapps\common\geometry wars\GeometryWars.exe" = C:\Program Files\Steam\steamapps\common\geometry wars\GeometryWars.exe:*:Enabled:Geometry Wars -- File not found
    "C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
    "C:\Program Files\Turbine\Dungeons and Dragons Online - Eberron Unlimited\dndclient.exe" = C:\Program Files\Turbine\Dungeons and Dragons Online - Eberron Unlimited\dndclient.exe:*:Enabled:dndclient -- (Turbine, Inc.)
    "C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService -- File not found
    "C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService -- File not found
    "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- File not found
    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
    "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
    "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
    "C:\Program Files\Steam\steamapps\bartawe\half-life\hl.exe" = C:\Program Files\Steam\steamapps\bartawe\half-life\hl.exe:*:Enabled:Half-Life -- File not found
    "I:\Games\Steam\steamapps\common\audiosurf\engine\QuestViewer.exe" = I:\Games\Steam\steamapps\common\audiosurf\engine\QuestViewer.exe:*:Enabled:Audiosurf Demo -- ()
    "I:\Games\Steam\steamapps\common\sid meier's civilization v - demo\Launcher.exe" = I:\Games\Steam\steamapps\common\sid meier's civilization v - demo\Launcher.exe:*:Enabled:Sid Meier's Civilization V - Demo -- (Firaxis Games)
    "I:\Games\Steam\steamapps\common\sid meier's civilization v - demo\CivilizationV.exe" = I:\Games\Steam\steamapps\common\sid meier's civilization v - demo\CivilizationV.exe:*:Enabled:Sid Meier's Civilization V - Demo -- (Firaxis Games)
    "I:\Games\Steam\steamapps\common\torchlight\TorchED\Editor.exe" = I:\Games\Steam\steamapps\common\torchlight\TorchED\Editor.exe:*:Enabled:Torchlight Editor -- (Runic Games, Inc.)
    "I:\Games\Steam\steamapps\bartawe\ricochet\hl.exe" = I:\Games\Steam\steamapps\bartawe\ricochet\hl.exe:*:Enabled:Ricochet -- (Valve)
    "I:\Games\Steam\steamapps\bartawe\team fortress classic\hl.exe" = I:\Games\Steam\steamapps\bartawe\team fortress classic\hl.exe:*:Enabled:Team Fortress Classic -- (Valve)
    "I:\Games\Steam\steamapps\common\alien swarm\srcds.exe" = I:\Games\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- ()
    "I:\Games\Steam\steamapps\common\alien swarm\swarm.exe" = I:\Games\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- ()
    "I:\Games\Steam\steamapps\bartawe\half-life\hl.exe" = I:\Games\Steam\steamapps\bartawe\half-life\hl.exe:*:Enabled:Half-Life -- (Valve)
    "C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel(R) PRO Network Connections
    "{0C98E73E-D495-CA87-EF1D-50D3A719351E}" = CCC Help Dutch
    "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
    "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
    "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
    "{0FF1802B-4FE0-81D5-D28F-5095543CB57B}" = Skins
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600" = Canon MP600
    "{173A4BD8-B1E5-252A-FE86-C84C7E7B5F2E}" = CCC Help English
    "{17986CD6-070C-BE3E-E4D6-C36DDEEAA37C}" = Catalyst Control Center Graphics Previews Common
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20D1D37A-817B-3A45-FDF5-507BD8A79680}" = CCC Help Chinese Traditional
    "{21879F6C-52F6-7A6F-6736-A7C912653608}" = CCC Help Danish
    "{21C6344A-918B-4D35-ADB6-7614F97B78EA}" = Sony Media Manager for PSP 3.0
    "{21E4AB1F-C62E-C5C1-96A3-F4378A763C5B}" = CCC Help Chinese Standard
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
    "{272DDF13-3B89-D0D8-B668-CEC4FB34C1E7}" = Catalyst Control Center Localization All
    "{2743B5EB-7C1C-36CC-FBBB-A02F2F4EC52D}" = ccc-utility
    "{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0
    "{2BEB102E-F9CD-4881-984B-E288F66FD394}" = Quake Live Mozilla Plugin
    "{2EF0D7ED-F944-4E0D-AC78-7DA00C0B81E4}_is1" = Penumbra Overture
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{311F799A-FCE9-4D9E-B5D2-CBB8859B40BB}" = Microsoft XNA Framework Redistributable 1.0 Refresh
    "{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3846E811-639D-4DE1-844B-30491C0A6C0C}" = Dell Support 3.2
    "{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
    "{38DCE347-CE45-219E-56AD-30FCB04CF71A}" = CCC Help Hungarian
    "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{3F9FCFE0-4979-6377-771D-E8A3F3B197E7}" = CCC Help Portuguese
    "{3FF0269F-3C3F-4C9D-832B-AAECC8B593CF}" = Grandmaster Challenge
    "{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
    "{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
    "{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E901875-0F15-44BA-89DE-94AA41A7F507}" = Clear Cache feature for Internet Explorer
    "{552C5B4A-595F-4FA6-B2AD-2F1B2A333CE5}" = Fritz7
    "{58FD9795-2B8D-4984-90B7-08AD00549BDB}_is1" = BatariBasic Installer 0.1
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
    "{5C318BD3-BA72-43E4-9D16-A18210B4A5A5}" = Media Go
    "{5C844F60-CFF2-33DE-FD0D-09F3C392679B}" = Catalyst Control Center HydraVision Full
    "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    "{5EC86106-2B0A-4595-B03C-15E2241C1AC5}_is1" = Community Expansion Pack version 1.00
    "{5F723D64-4042-ABAE-2A9E-1FEBA1FE4B00}" = CCC Help Korean
    "{6005535D-8A83-4108-A757-E1AB9886AECA}" = Cisco AnyConnect VPN Client
    "{61709405-4DB8-410C-53DC-A76945D7EBC1}" = CCC Help Turkish
    "{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
    "{6818E2F8-132B-4A68-94EA-CDC8B8132CD4}" = Castlevania & Contra
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6CDB4B41-9244-EC3F-5FBC-550A8BC697F4}" = CCC Help Japanese
    "{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
    "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{6EF0B467-8FDD-845E-F168-C7F0C6124C26}" = CCC Help Finnish
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{74FF7813-4878-AB41-8503-22287CF11F37}" = Catalyst Control Center Graphics Light
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77F9D52A-C8D7-4FE8-8510-19FC6CF75BC3}" = Access Drivers
    "{79469AEF-FF16-C52B-F7F8-E1E203A036E5}" = CCC Help Italian
    "{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83E08A1E-963B-8846-8082-88B996FC060E}" = CCC Help Swedish
    "{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
    "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DAE4336-2B71-11D4-9A6C-006067325E47}" = Baldur's Gate(TM) II - Shadows of Amn(TM)
    "{8F1A20DC-251D-47B0-91B7-DCA2523EE6C9}" = McAfee Virtual Technician
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{999A2E61-63EE-61BF-26E4-0C7B8B2A0BE2}" = Media Go Video Playback Engine 1.8.104.02120
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9ABF04DC-A40D-B4DA-189B-89497B599AB7}" = CCC Help French
    "{9D56C31A-C9C8-394C-0804-670B0D2E0E1F}" = CCC Help Norwegian
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
    "{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
    "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4E03835-FB8B-458A-A1FB-8CDE5424BE66}" = Sid Meier's Civilization 4
    "{B53FA0E4-739C-435F-9872-E3032F2E08FC}" = Iomega QuikProtect
    "{B59A1FFA-4EE2-805D-7B48-806DE73AAE03}" = CCC Help Thai
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
    "{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
    "{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
    "{BCC57687-98A2-4C4C-B0F8-BC6B6F52D4E3}" = Retrospect Express HD 2.5
    "{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C1583439-B034-4881-819C-D52A0587662B}" = Neverwinter Nights
    "{C19AB6C4-BBD0-49EF-927D-9C7CB80BC0B0}" = MapleStory
    "{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind
    "{C37810F2-3983-B864-EB7F-DCCB67703FB0}" = Catalyst Control Center Graphics Full New
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEF6D9C4-EFA6-F0EC-8E56-8C85609D267D}" = ccc-core-preinstall
    "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
    "{D1C2B2A9-6FC3-69A6-DDCC-10179BD2A978}" = CCC Help German
    "{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
    "{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
    "{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
    "{D5C8DB90-573F-A4E4-6EBF-728B634E3E07}" = CCC Help Polish
    "{DD76E812-359A-FEA9-FB17-2E55EBB36543}" = Catalyst Control Center Core Implementation
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E83971BF-8FEE-F2A6-E0CC-5187C1ECBD4D}" = CCC Help Greek
    "{E9C6DC23-56C9-2B27-5FEC-4EEDD107D2D6}" = ccc-core-static
    "{EAC31CB7-575E-8C31-468D-10D5FB31CD1A}" = Catalyst Control Center Graphics Full Existing
    "{EB5F211D-85D5-44C4-BB15-1207C77EF430}" = Visual C++ 8.0 Runtime Setup Package
    "{F07717A3-8376-AA87-6BE2-D560F1EBABF0}" = CCC Help Spanish
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F371C899-B40A-811A-2825-30BE7E941CC9}" = CCC Help Czech
    "{FF6486A6-608F-F80C-BE5C-17D07E2D49BF}" = CCC Help Russian
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "7-Zip" = 7-Zip 4.57
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "All ATI Software" = ATI - Software Uninstall Utility
    "Aquaria" = Aquaria
    "ATI Display Driver" = ATI Display Driver
    "Audacity_is1" = Audacity 1.2.6
    "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
    "CAL" = Canon Camera Access Library
    "CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
    "CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
    "CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
    "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
    "Canon MP600 User Registration" = Canon MP600 User Registration
    "CanonMyPrinter" = Canon My Printer
    "Cisco Systems SSL VPN Client" = Cisco SSL VPN Client
    "Citrix Web Client" = Citrix Web Client
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
    "Colorizer 1.0.0.1" = Colorizer 1.0.0.1
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Coupon Printer for Windows4.0" = Coupon Printer for Windows
    "Crimson Editor" = Crimson Editor (remove only)
    "CSCLIB" = Canon Camera Support Core Library
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
    "Diablo" = Diablo
    "Disciples 2 Gold: Dark Prophecy & Rise of the Elves_is1" = Disciples 2 Gold: Dark Prophecy & Rise of the Elves
    "Disciples Gold_is1" = Disciples Gold
    "Disciples: Sacred Lands Gold Edition" = Disciples: Sacred Lands Gold Edition
    "D-Link Toolbar" = D-Link Toolbar
    "DXTXTRA" = Microsoft DirectX Transform optional components
    "Earthworm Jim" = Earthworm Jim (Remove only, requires CD)
    "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
    "Easy-WebPrint" = Easy-WebPrint
    "EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    "eMusic Download Manager" = eMusic Download Manager 4.1.4
    "EOS Utility" = Canon Utilities EOS Utility
    "ESPNMotion" = ESPNMotion
    "Final Fantasy VII" = Final Fantasy VII
    "Game Maker 7.0" = Game Maker 7.0
    "Greenfoot_is1" = Greenfoot 1.5.6
    "HisDarkMajesty" = HisDarkMajesty
    "Icewind Dale" = Icewind Dale
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie8" = Windows Internet Explorer 8
    "LP Recorder" = LP Recorder
    "LP Ripper" = LP Ripper
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Might & Magic VI Limited Edition_is1" = Might & Magic VI Limited Edition
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
    "MP Navigator 3.0" = Canon MP Navigator 3.0
    "MSC" = McAfee SecurityCenter
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Musette_is1" = Musette version 2.9.14
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Office14.SingleImage" = Microsoft Office Home and Student 2010
    "oggcodecs" = oggcodecs 0.71.0946
    "OpenAL" = OpenAL
    "PhotoStitch" = Canon Utilities PhotoStitch
    "Pronto" = Pronto 3.1.0-D
    "PunkBusterSvc" = PunkBuster Services
    "Quake2UninstallKey" = Quake II
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "RCA Detective™_is1" = RCA Detective™ 2.0.0.99
    "Realms of Arkania Pack_is1" = Realms of Arkania Pack
    "RealPlayer 6.0" = RealPlayer
    "RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
    "Scratch" = Scratch
    "SearchAssist" = SearchAssist
    "Sierra Utilities" = Sierra Utilities
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "SolidStateIONIE" = Solid State ION Internet Explorer Plugin
    "SpywareBlaster_is1" = SpywareBlaster 4.4
    "Steam App 10" = Counter-Strike
    "Steam App 12900" = Audiosurf
    "Steam App 130" = Half-Life: Blue Shift
    "Steam App 20" = Team Fortress Classic
    "Steam App 26800" = Braid
    "Steam App 29100" = Osmos IGF Demo
    "Steam App 400" = Portal
    "Steam App 41520" = Torchlight Editor
    "Steam App 50" = Half-Life: Opposing Force
    "Steam App 60" = Ricochet
    "Steam App 630" = Alien Swarm
    "Steam App 65900" = Sid Meier's Civilization V - Demo
    "Steam App 70" = Half-Life
    "Steam App 8400" = Geometry Wars
    "Steam App 9060" = Hexen 2
    "Steam App 92" = Codename Gordon
    "Stella_is1" = Stella 3.2.2
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "TruVoice" = Lernout & Hauspie TruVoice for Microsoft Agent
    "UDK-ac249442-afb2-4955-a1cb-157e2bdd6f65" = Hazard - Journey Of Life Demo
    "UnityWebPlayer" = Unity Web Player
    "VDMSound" = VDMSound
    "Viewpoint Manager" = Viewpoint Manager (Remove Only)
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "VST Bridge_is1" = VST Bridge 1.1
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "WebPost" = Microsoft Web Publishing Wizard 1.52
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Works" = Microsoft Works 4.5
    "Works99Setup" = Microsoft Works Setup Launcher
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Diablo" = Diablo
    "UnityWebPlayer" = Unity Web Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/19/2010 10:13:38 PM | Computer Name = D9Q76YB1 | Source = Application Hang | ID = 1002
    Description = Hanging application sumotori.exe, version 0.0.0.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 10/20/2010 1:39:58 PM | Computer Name = D9Q76YB1 | Source = STCAgent | ID = 50331650
    Description = Termination reason code 10 [FAST_USER_SWITCH]

    Error - 10/21/2010 7:18:24 AM | Computer Name = D9Q76YB1 | Source = STCAgent | ID = 50331650
    Description = Termination reason code 10 [FAST_USER_SWITCH]

    Error - 10/21/2010 7:54:35 AM | Computer Name = D9Q76YB1 | Source = STCAgent | ID = 50331650
    Description = Termination reason code 10 [FAST_USER_SWITCH]

    Error - 10/21/2010 4:27:34 PM | Computer Name = D9Q76YB1 | Source = STCAgent | ID = 50331650
    Description = Termination reason code 10 [FAST_USER_SWITCH]

    Error - 10/21/2010 7:05:49 PM | Computer Name = D9Q76YB1 | Source = Application Hang | ID = 1002
    Description = Hanging application Dwarf Fortress.exe, version 0.0.0.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 10/22/2010 3:26:42 PM | Computer Name = D9Q76YB1 | Source = STCAgent | ID = 50331650
    Description = Termination reason code 10 [FAST_USER_SWITCH]

    Error - 10/22/2010 5:48:04 PM | Computer Name = D9Q76YB1 | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\MY MUSIC\ITUNES\ITUNES
    LIBRARY EXTRAS.ITDB-JOURNAL> in the hash map cannot be updated. Context: Application,
    SystemIndex Catalog Details: A device attached to the system is not functioning.
    (0x8007001f)

    Error - 10/22/2010 5:48:04 PM | Computer Name = D9Q76YB1 | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\MY MUSIC\ITUNES\ITUNES
    LIBRARY GENIUS.ITDB-JOURNAL> in the hash map cannot be updated. Context: Application,
    SystemIndex Catalog Details: A device attached to the system is not functioning.
    (0x8007001f)

    Error - 10/22/2010 5:49:45 PM | Computer Name = D9Q76YB1 | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\MY MUSIC\ITUNES\ITUNES
    LIBRARY.ITL> in the hash map cannot be updated. Context: Application, SystemIndex
    Catalog Details: A device attached to the system is not functioning. (0x8007001f)


    [ Cisco AnyConnect VPN Client Events ]
    Error - 3/31/2010 9:35:52 AM | Computer Name = D9Q76YB1 | Source = vpnagent | ID = 50331650
    Description = Termination reason code 9: Client PC is shutting down.

    Error - 3/31/2010 9:35:52 AM | Computer Name = D9Q76YB1 | Source = vpnagent | ID = 50331649
    Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp
    Line:
    997 Description: fatal error, stopping service

    Error - 8/27/2010 10:58:53 PM | Computer Name = D9Q76YB1 | Source = vpnagent | ID = 50331650
    Description = Termination reason code 9: Client PC is shutting down.

    Error - 8/31/2010 12:15:05 AM | Computer Name = D9Q76YB1 | Source = vpnagent | ID = 50331650
    Description = Termination reason code 9: Client PC is shutting down.

    Error - 9/21/2010 12:00:42 AM | Computer Name = D9Q76YB1 | Source = vpnagent | ID = 50331650
    Description = Termination reason code 9: Client PC is shutting down.

    Error - 10/12/2010 3:56:12 PM | Computer Name = D9Q76YB1 | Source = vpnagent | ID = 50331650
    Description = Termination reason code 9: Client PC is shutting down.

    [ System Events ]
    Error - 10/23/2010 12:41:41 AM | Computer Name = D9Q76YB1 | Source = DCOM | ID = 10000
    Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
    The
    error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
    -secured -Embedding

    Error - 10/23/2010 12:41:41 AM | Computer Name = D9Q76YB1 | Source = DCOM | ID = 10000
    Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
    The
    error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
    -secured -Embedding

    Error - 10/23/2010 12:41:41 AM | Computer Name = D9Q76YB1 | Source = DCOM | ID = 10000
    Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
    The
    error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
    -secured -Embedding

    Error - 10/23/2010 12:42:08 AM | Computer Name = D9Q76YB1 | Source = DCOM | ID = 10000
    Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
    The
    error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
    -secured -Embedding

    Error - 10/23/2010 12:42:08 AM | Computer Name = D9Q76YB1 | Source = DCOM | ID = 10000
    Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
    The
    error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
    -secured -Embedding

    Error - 10/23/2010 12:42:08 AM | Computer Name = D9Q76YB1 | Source = DCOM | ID = 10000
    Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
    The
    error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
    -secured -Embedding

    Error - 10/23/2010 12:42:08 AM | Computer Name = D9Q76YB1 | Source = DCOM | ID = 10000
    Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
    The
    error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
    -secured -Embedding

    Error - 10/23/2010 12:42:08 AM | Computer Name = D9Q76YB1 | Source = DCOM | ID = 10000
    Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
    The
    error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
    -secured -Embedding

    Error - 10/23/2010 12:42:08 AM | Computer Name = D9Q76YB1 | Source = DCOM | ID = 10000
    Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
    The
    error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
    -secured -Embedding

    Error - 10/23/2010 12:42:29 AM | Computer Name = D9Q76YB1 | Source = DCOM | ID = 10010
    Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
    with DCOM within the required timeout.


    < End of report >

  6. #6
    Member
    Join Date
    Feb 2009
    Posts
    42

    Default OTL log

    Here is the OTL log. The Windows Installer pop up is still coming up, at this point only when I try to open an office document. I then need to click to cancel it and click to cancel Word 2010, and reclick document again and it will open.


    OTL logfile created on: 10/23/2010 8:48:05 AM - Run 1
    OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\James Collins\My Documents\Downloads
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 228.13 Gb Total Space | 154.86 Gb Free Space | 67.88% Space Free | Partition Type: NTFS
    Drive I: | 931.51 Gb Total Space | 711.68 Gb Free Space | 76.40% Space Free | Partition Type: NTFS

    Computer Name: D9Q76YB1 | User Name: James Collins | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\James Collins\My Documents\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
    PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
    PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    PRC - C:\Program Files\Iomega\QuikProtect\QuikProtect.exe (Iomega Corporation)
    PRC - C:\Program Files\Iomega\QuikProtect\QpMonitor.exe ()
    PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
    PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
    PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
    PRC - C:\Program Files\Cisco Systems\SSL VPN Client\Agent.exe (Cisco Systems, Inc.)
    PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
    PRC - C:\Documents and Settings\James Collins\My Documents\RCA Detective\RCADetective.exe (Audiovox Electronics Corp.)
    PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    PRC - C:\Program Files\Retrospect\Retrospect Express HD 2.5\RetroExpress.exe (EMC Corporation)
    PRC - C:\Program Files\Retrospect\Retrospect Express HD 2.5\retrorun.exe (EMC Corporation)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\UAService7.exe ()
    PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
    PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
    PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
    PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
    PRC - C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
    PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\James Collins\My Documents\Downloads\OTL.exe (OldTimer Tools)
    MOD - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll (Adobe Systems, Inc.)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\WMVCore.dll (Microsoft Corporation)
    MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\winsta.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\sti.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\shgina.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\odbc32.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\netui1.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\netui0.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\ntlanman.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\netrap.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\msgina.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\drprov.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\davclnt.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\cfgmgr32.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\xpsp2res.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\odbcint.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\wmasf.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\PortableDeviceApi.dll (Microsoft Corporation)
    MOD - C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll (ScanSoft, Inc.)
    MOD - C:\WINDOWS\system32\serwvdrv.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\umdmxfrm.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (npkcmsvc) -- C:\Nexon\MapleStory\npkcmsvc.exe File not found
    SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
    SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
    SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
    SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
    SRV - (QPCopyEngine) -- C:\Program Files\Iomega\QuikProtect\QpMonitor.exe ()
    SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
    SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
    SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
    SRV - (STCAgent) -- C:\Program Files\Cisco Systems\SSL VPN Client\Agent.exe (Cisco Systems, Inc.)
    SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
    SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    SRV - (RetroExp Helper) -- C:\Program Files\Retrospect\Retrospect Express HD 2.5\rthlpsvc.exe (EMC Corporation)
    SRV - (RetroExpLauncher) -- C:\Program Files\Retrospect\Retrospect Express HD 2.5\retrorun.exe (EMC Corporation)
    SRV - (UserAccess7) SecuROM User Access Service (V7) -- C:\WINDOWS\system32\UAService7.exe ()
    SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
    SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)


    ========== Driver Services (SafeList) ==========

    DRV - (XDva279) -- C:\WINDOWS\System32\XDva279.sys File not found
    DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found
    DRV - (vvqlbdup) -- C:\WINDOWS\System32\drivers\goyxxt.sys File not found
    DRV - (vcdrom) -- C:\WINDOWS\System32\drivers\VCdRom.sys File not found
    DRV - (npkcusb) -- C:\Nexon\MapleStory\npkcusb.sys File not found
    DRV - (npkcrypt) -- C:\Nexon\MapleStory\npkcrypt.sys File not found
    DRV - (Lbd) -- C:\WINDOWS\System32\DRIVERS\Lbd.sys File not found
    DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
    DRV - (cafd20fe-06de-444d-aff9-1c1458602f1e) -- D:\CDS300\cds300.dll File not found
    DRV - (BW2NDIS5) -- C:\WINDOWS\System32\Drivers\BW2NDIS5.sys File not found
    DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
    DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
    DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
    DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
    DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
    DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
    DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
    DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
    DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
    DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
    DRV - (QsFsFltr) -- C:\WINDOWS\system32\drivers\QsFsFltr.sys (Windows (R) Win 7 DDK provider)
    DRV - (iastor) -- C:\WINDOWS\system32\drivers\iastor.sys (Intel Corporation)
    DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREDrv.sys (Sunbelt Software)
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (TIEHDUSB) -- C:\WINDOWS\system32\drivers\tiehdusb.sys (Texas Instruments Incorporated)
    DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
    DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
    DRV - (CSVirtA) -- C:\WINDOWS\system32\drivers\CSVirtA.sys (Cisco Systems, Inc.)
    DRV - (vpnva) -- C:\WINDOWS\system32\drivers\vpnva.sys (Cisco Systems, Inc.)
    DRV - (motccgpfl) -- C:\WINDOWS\system32\drivers\motccgpfl.sys (Motorola)
    DRV - (motccgp) -- C:\WINDOWS\system32\drivers\motccgp.sys (Motorola)
    DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
    DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
    DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
    DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
    DRV - (motport) -- C:\WINDOWS\system32\drivers\motport.sys (Motorola)
    DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
    DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
    DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
    DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
    DRV - (sdcplh) -- C:\WINDOWS\system32\drivers\sdcplh.sys ()
    DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (SDDMI2) -- C:\WINDOWS\system32\DDMI2.sys (Gteko Ltd.)
    DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
    DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
    DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
    DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
    DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
    DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
    DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
    DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
    DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
    DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
    DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
    DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
    DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
    DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
    DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
    DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6061011
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&...us&ibd=6061011
    IE - HKLM\..\URLSearchHook: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - C:\Program Files\D-Link Toolbar\dlinktb.dll (AOL LLC.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKCU\..\URLSearchHook: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - C:\Program Files\D-Link Toolbar\dlinktb.dll (AOL LLC.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Secure Search"
    FF - prefs.js..browser.search.defaultthis.engineName: "eMusic Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1641676&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
    FF - prefs.js..extensions.enabledItems: :1.0
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
    FF - prefs.js..extensions.enabledItems: :1.1.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {926a10d2-4ce7-4331-b96f-ca4e22590fac}:5.45.3.3629
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
    FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"


    FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2010/07/29 22:03:29 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2010/10/08 23:49:22 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/10/23 07:04:05 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/22 15:28:56 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/22 15:28:56 | 000,000,000 | ---D | M]

    [2008/06/24 15:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Mozilla\Extensions
    [2010/10/22 16:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Mozilla\Firefox\Profiles\c6yuu406.default\extensions
    [2010/06/25 12:15:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\James Collins\Application Data\Mozilla\Firefox\Profiles\c6yuu406.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/10/05 20:34:49 | 000,000,000 | ---D | M] (D-Link Toolbar) -- C:\Documents and Settings\James Collins\Application Data\Mozilla\Firefox\Profiles\c6yuu406.default\extensions\{926a10d2-4ce7-4331-b96f-ca4e22590fac}
    [2009/08/27 10:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Mozilla\Firefox\Profiles\c6yuu406.default\extensions\yyginstantplay@yoyogames.com
    [2010/01/21 17:11:52 | 000,000,915 | ---- | M] () -- C:\Documents and Settings\James Collins\Application Data\Mozilla\Firefox\Profiles\c6yuu406.default\searchplugins\conduit.xml
    [2010/10/22 16:55:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/03 15:41:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/09/02 07:16:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/08/24 14:57:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2009/11/01 09:18:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100915080541.dll (McAfee, Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (D-Link Toolbar Loader) - {f01858c7-2a68-4d93-9e22-502eae3917c2} - C:\Program Files\D-Link Toolbar\dlinktb.dll (AOL LLC.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O3 - HKLM\..\Toolbar: (D-Link Toolbar) - {61874dfa-9adf-44e5-8e61-f3913707e7d7} - C:\Program Files\D-Link Toolbar\dlinktb.dll (AOL LLC.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [Easy Dock] C:\Documents and Settings\James Collins\My Documents\RCA easyRip\EZDock.exe File not found
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [QuiKProtect] C:\Program Files\Iomega\QuikProtect\startQuikProtect.exe (Iomega Corporation - An EMC Company)
    O4 - HKLM..\Run: [RetroExpress] C:\Program Files\Retrospect\Retrospect Express HD 2.5\RetroExpress.exe (EMC Corporation)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [TimeSink Ad Client] C:\Program Files\TimeSink\AdGateway\TSAdBot.exe File not found
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
    O4 - Startup: C:\Documents and Settings\James Collins\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
    O4 - Startup: C:\Documents and Settings\James Collins\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
    O4 - Startup: C:\Documents and Settings\James Collins\Start Menu\Programs\Startup\RCA Detective.lnk = C:\Documents and Settings\James Collins\My Documents\RCA Detective\RCADetective.exe (Audiovox Electronics Corp.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: eastersealsnh.org ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([us] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab (Reg Error: Key error.)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} http://www.acclaim.com/cabs/acclaim_v5.cab (GameLauncher Control)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1228396190359 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} http://cdn1.acclaimdownloads.com/solidstateion.cab (CSolidBrowserObj Object)
    O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} http://www.yoyogames.com/downloads/activex/YoYo.cab (YYGInstantPlay Control)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\James Collins\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\James Collins\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{fe767058-5252-11df-801c-001676cb0c0a}\Shell\AutoRun\command - "" = I:\rcaeasyrip_setup.exe -- File not found
    O33 - MountPoints2\{fe767058-5252-11df-801c-001676cb0c0a}\Shell\install\command - "" = I:\rcaeasyrip_setup.exe -- File not found
    O33 - MountPoints2\{fe767058-5252-11df-801c-001676cb0c0a}\Shell\usermanualEnglish\command - "" = I:\rcaeasyrip_setup.exe -- File not found
    O33 - MountPoints2\{fe767058-5252-11df-801c-001676cb0c0a}\Shell\usermanualFrench\command - "" = I:\rcaeasyrip_setup.exe -- File not found
    O33 - MountPoints2\{fe767058-5252-11df-801c-001676cb0c0a}\Shell\usermanualSpanish\command - "" = I:\rcaeasyrip_setup.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 0
    MsConfig - State: "services" - 0
    MsConfig - State: "startup" - 0

    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: Lavasoft Ad-Aware Service - Reg Error: Value error.
    SafeBootMin: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: sermouse.sys - Driver
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vds - Service
    SafeBootMin: vga.sys - Driver
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: Lavasoft Ad-Aware Service - Reg Error: Value error.
    SafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SafeBootNet: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
    SafeBootNet: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
    SafeBootNet: mfefirek - C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
    SafeBootNet: mfefirek.sys - C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
    SafeBootNet: mfehidk - C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
    SafeBootNet: mfehidk.sys - C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
    SafeBootNet: mfevtp - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
    SafeBootNet: MpfService - Reg Error: Value error.
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: sermouse.sys - Driver
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vga.sys - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
    ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
    ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
    ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
    ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
    ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
    ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
    ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
    ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
    ActiveX: {44BBA851-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
    ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
    ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
    ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
    ActiveX: {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - Solid State ION Internet Explorer Plugin
    ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
    ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
    ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
    ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
    ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902053519425536)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/10/23 00:34:06 | 000,000,000 | ---D | C] -- C:\Avenger
    [2010/10/23 00:06:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/10/23 00:06:41 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/10/23 00:06:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/10/22 23:40:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
    [2010/10/16 19:13:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Collins\Application Data\InstantAction
    [2010/10/11 07:30:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Recorded TV
    [2010/10/10 20:10:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
    [2010/10/10 20:06:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Collins\Local Settings\Application Data\Microsoft Help
    [2010/10/09 20:34:14 | 000,000,000 | ---D | C] -- C:\Program Files\Spawn
    [2010/10/09 20:03:02 | 000,118,784 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\DiabUnin.exe
    [2010/10/08 23:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
    [2010/10/08 23:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
    [2010/10/08 23:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\L&H
    [2010/10/08 23:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
    [2010/10/07 20:45:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
    [2010/10/07 20:39:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
    [2010/10/07 20:39:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    [2010/10/07 20:38:05 | 000,000,000 | RH-D | C] -- C:\MSOCache
    [2010/10/05 20:34:41 | 000,000,000 | ---D | C] -- C:\Program Files\D-Link Toolbar
    [2010/10/05 20:34:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\D-Link Toolbar
    [2010/10/05 20:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
    [2010/10/05 19:49:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Collins\Application Data\VirtualStore
    [2010/10/02 15:16:40 | 000,000,000 | ---D | C] -- C:\Atari2600
    [2010/10/02 12:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\Crimson Editor
    [2010/10/01 20:27:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Collins\Application Data\Stella
    [2010/09/24 19:01:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Collins\My Documents\Retrospect Catalog Files
    [2010/09/21 20:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Collins\Application Data\McAfee
    [2010/09/21 17:55:31 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Media Go Install
    [2010/09/19 09:53:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RetroExp
    [2010/09/19 09:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\Retrospect
    [2010/09/19 09:25:31 | 000,019,384 | R--- | C] (Windows (R) Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\QsFsFltr.sys
    [2010/09/19 09:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\Iomega
    [2010/09/14 17:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Collins\My Documents\Processing
    [2010/09/14 17:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Collins\Application Data\Processing
    [2010/09/12 15:46:34 | 000,000,000 | ---D | C] -- C:\Program Files\Musette
    [2010/09/11 20:36:24 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2010/09/10 16:56:16 | 000,049,536 | R--- | C] (Texas Instruments Incorporated) -- C:\WINDOWS\System32\drivers\tiehdusb.sys
    [2010/09/03 16:24:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Collins\Application Data\TS3Client
    [2010/09/03 16:22:56 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
    [2010/09/02 20:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Collins\My Documents\Penumbra Overture
    [2010/09/02 20:15:52 | 000,000,000 | ---D | C] -- C:\Program Files\Penumbra Overture
    [2010/09/02 07:17:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/09/01 17:38:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Collins\Application Data\HorizonWimba
    [2010/09/01 17:37:19 | 000,000,000 | ---D | C] -- C:\Program Files\Wimba
    [2010/08/26 20:49:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\id Software
    [2010/08/26 13:54:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/08/26 13:19:07 | 000,000,000 | ---D | C] -- C:\lords
    [2010/08/26 10:45:09 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
    [2010/08/26 10:45:01 | 000,312,904 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
    [2010/08/26 10:45:01 | 000,095,600 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
    [2010/08/26 10:45:01 | 000,088,544 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
    [2010/08/26 10:45:01 | 000,084,264 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
    [2010/08/26 10:45:01 | 000,084,072 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
    [2010/08/26 10:45:01 | 000,055,840 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
    [2010/08/25 18:15:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\solcache
    [2010/08/25 18:14:34 | 001,022,976 | ---- | C] (Cendant Software) -- C:\WINDOWS\System32\SierraNW.dll
    [2010/08/25 18:14:34 | 000,231,936 | ---- | C] (Cendant Software) -- C:\WINDOWS\System32\SNWValid.dll
    [2010/08/25 18:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\Sierra On-Line
    [2010/08/25 17:17:14 | 000,000,000 | ---D | C] -- C:\Quake2
    [2010/08/22 21:10:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Collins\Application Data\Intel Corporation
    [2010/08/22 21:04:41 | 000,000,000 | ---D | C] -- C:\Intel
    [2008/03/15 09:58:56 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

    ========== Files - Modified Within 90 Days ==========

    [2010/10/23 08:15:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/10/23 05:42:11 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/10/23 05:40:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/10/23 05:40:27 | 3219,038,208 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/23 00:06:46 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/22 23:39:23 | 000,005,162 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2010/10/22 22:41:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
    [2010/10/22 22:03:41 | 000,000,481 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\minerman.PNG
    [2010/10/22 21:00:00 | 000,000,482 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Scan (zenjim).job
    [2010/10/22 17:40:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/10/22 16:41:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
    [2010/10/20 21:27:58 | 000,000,585 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\MinecraftMan.PNG
    [2010/10/20 20:45:24 | 000,084,992 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Progress Report rubric kindergarten.doc
    [2010/10/20 17:32:34 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Kindergarten Class List.doc2010-2011.doc
    [2010/10/19 21:07:57 | 000,000,531 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\neon.PNG
    [2010/10/19 21:07:14 | 000,006,198 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\neon.bmp
    [2010/10/19 20:25:06 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Conferences - Fall
    [2010/10/18 22:21:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/10/17 13:20:00 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Scan (Weekly).job
    [2010/10/17 10:41:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
    [2010/10/16 14:55:21 | 000,000,331 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\green.PNG
    [2010/10/16 14:33:52 | 000,004,435 | ---- | M] () -- C:\Documents and Settings\James Collins\Desktop\Attach.zip
    [2010/10/16 14:20:32 | 000,000,604 | ---- | M] () -- C:\Documents and Settings\James Collins\Desktop\ERUNT.lnk
    [2010/10/16 13:05:00 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\James Collins\jagex_runescape_preferences.dat
    [2010/10/16 12:31:13 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\James Collins\jagex_runescape_preferences2.dat
    [2010/10/16 10:30:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
    [2010/10/15 18:36:43 | 000,137,960 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2010/10/15 18:36:15 | 000,235,248 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
    [2010/10/14 19:19:34 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\James Collins\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
    [2010/10/14 18:27:23 | 000,691,032 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\pictures..docx
    [2010/10/13 21:11:51 | 000,016,558 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Hiroshima Walking Tour.docx
    [2010/10/12 15:57:16 | 000,426,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/10/12 15:43:46 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/10/11 15:46:34 | 000,017,069 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Health project.docx
    [2010/10/10 08:23:53 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\James Collins\Desktop\SpywareBlaster.lnk
    [2010/10/09 20:34:49 | 000,118,784 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\DiabUnin.exe
    [2010/10/09 20:34:49 | 000,009,969 | ---- | M] () -- C:\WINDOWS\DiabUnin.dat
    [2010/10/09 20:34:49 | 000,002,829 | ---- | M] () -- C:\WINDOWS\DiabUnin.pif
    [2010/10/08 23:03:18 | 000,506,390 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/10/08 23:03:18 | 000,096,736 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/10/08 14:54:17 | 000,187,974 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Hiroshima.pptx
    [2010/10/07 21:54:35 | 000,010,082 | -H-- | M] () -- C:\Documents and Settings\James Collins\My Documents\ZbThumbnail.info
    [2010/10/05 22:17:22 | 000,000,050 | ---- | M] () -- C:\Documents and Settings\James Collins\jagex__preferences3.dat
    [2010/10/03 19:44:16 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin8.doc
    [2010/10/02 15:10:43 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\https health.doc
    [2010/10/02 12:03:24 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\James Collins\Application Data\Microsoft\Internet Explorer\Quick Launch\Crimson Editor.lnk
    [2010/09/30 18:48:59 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin7.doc
    [2010/09/30 18:27:38 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Book1.xls
    [2010/09/29 21:36:35 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Nombre3.doc
    [2010/09/28 21:21:24 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Nombre2.doc
    [2010/09/27 20:51:57 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Nombre1.doc
    [2010/09/27 17:00:46 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin6.doc
    [2010/09/26 07:55:25 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Trees Letter to parents.doc
    [2010/09/23 17:09:13 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\James Collins\Desktop\Sid Meier's Civilization V - Demo.url
    [2010/09/23 16:56:35 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collins.doc
    [2010/09/22 20:28:21 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Hopes and Dreams.doc
    [2010/09/22 18:35:02 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Anthem Movie.doc
    [2010/09/21 22:00:46 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Nombre.doc
    [2010/09/21 20:53:51 | 000,011,749 | ---- | M] () -- C:\Documents and Settings\James Collins\Desktop\MVTHealthCheck_Deviation.html
    [2010/09/21 19:18:23 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Copy of generaltemplate 2011-2012.xls
    [2010/09/21 17:56:34 | 000,001,622 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Go.lnk
    [2010/09/21 15:33:09 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\James Collins\.org.eclipse.epp.usagedata.recording.userId
    [2010/09/18 16:41:33 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\ser or estar.doc
    [2010/09/17 21:56:02 | 000,093,340 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/09/14 20:35:00 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Morning Kindergarten Weekly Schedule.doc
    [2010/09/14 18:20:51 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Hijazi Qs.doc
    [2010/09/13 20:06:12 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Querido Evan.doc
    [2010/09/06 13:57:18 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\APcomputersciences.doc
    [2010/09/05 16:54:05 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Master Grocery List.doc
    [2010/09/02 22:07:09 | 000,051,472 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\pace chart.rtf
    [2010/09/02 20:17:53 | 000,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
    [2010/09/01 18:20:38 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\James Collins\Desktop\Audacity.lnk
    [2010/09/01 17:37:23 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\James Collins\Application Data\Microsoft\Internet Explorer\Quick Launch\Pronto.lnk
    [2010/09/01 17:37:23 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Pronto.lnk
    [2010/08/30 14:18:12 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin5.doc
    [2010/08/29 13:44:27 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin3.doc
    [2010/08/27 19:18:11 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin4.doc
    [2010/08/27 18:54:58 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin2.doc
    [2010/08/27 18:24:48 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin1.doc
    [2010/08/27 14:32:42 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Ender's Game Paper 1.doc
    [2010/08/27 14:15:20 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Ender Paper.doc
    [2010/08/27 14:15:18 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Animal farm essay.doc
    [2010/08/27 13:46:56 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Odysseus Paper.doc
    [2010/08/26 20:49:48 | 002,373,712 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe
    [2010/08/26 13:21:48 | 000,000,635 | ---- | M] () -- C:\WINDOWS\SIERRA.INI
    [2010/08/24 14:57:38 | 000,386,712 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
    [2010/08/24 14:57:38 | 000,312,904 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
    [2010/08/24 14:57:38 | 000,152,992 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
    [2010/08/24 14:57:38 | 000,095,600 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
    [2010/08/24 14:57:38 | 000,088,544 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
    [2010/08/24 14:57:38 | 000,084,264 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
    [2010/08/24 14:57:38 | 000,084,072 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
    [2010/08/24 14:57:38 | 000,055,840 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
    [2010/08/24 14:57:38 | 000,052,104 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
    [2010/08/24 14:57:38 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
    [2010/08/20 09:33:13 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\James Collins\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/08/10 20:28:57 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Directions to Jim and Sue.doc
    [2010/08/10 17:19:55 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Keyterms.doc
    [2010/07/29 22:03:31 | 000,001,715 | ---- | M] () -- C:\Documents and Settings\James Collins\Application Data\Microsoft\Internet Explorer\Quick Launch\eMusic Download Manager.lnk
    [2010/07/26 22:19:46 | 000,000,989 | ---- | M] () -- C:\Documents and Settings\James Collins\Desktop\ZoomBrowser EX.lnk

    ========== Files Created - No Company Name ==========

    [2010/10/23 00:06:46 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/22 22:03:41 | 000,000,481 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\minerman.PNG
    [2010/10/20 21:27:58 | 000,000,585 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\MinecraftMan.PNG
    [2010/10/20 20:45:24 | 000,084,992 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Progress Report rubric kindergarten.doc
    [2010/10/19 21:07:57 | 000,000,531 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\neon.PNG
    [2010/10/19 21:07:14 | 000,006,198 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\neon.bmp
    [2010/10/16 14:55:21 | 000,000,331 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\green.PNG
    [2010/10/16 14:33:52 | 000,004,435 | ---- | C] () -- C:\Documents and Settings\James Collins\Desktop\Attach.zip
    [2010/10/16 14:20:32 | 000,000,604 | ---- | C] () -- C:\Documents and Settings\James Collins\Desktop\ERUNT.lnk
    [2010/10/14 18:27:20 | 000,691,032 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\pictures..docx
    [2010/10/11 15:46:34 | 000,017,069 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Health project.docx
    [2010/10/11 12:11:33 | 000,016,558 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Hiroshima Walking Tour.docx
    [2010/10/10 08:23:53 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\James Collins\Desktop\SpywareBlaster.lnk
    [2010/10/09 20:03:02 | 000,002,829 | ---- | C] () -- C:\WINDOWS\DiabUnin.pif
    [2010/10/09 20:03:01 | 000,009,969 | ---- | C] () -- C:\WINDOWS\DiabUnin.dat
    [2010/10/08 14:54:17 | 000,187,974 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Hiroshima.pptx
    [2010/10/07 21:54:34 | 000,010,082 | -H-- | C] () -- C:\Documents and Settings\James Collins\My Documents\ZbThumbnail.info
    [2010/10/02 17:52:54 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin8.doc
    [2010/10/02 12:03:24 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\Microsoft\Internet Explorer\Quick Launch\Crimson Editor.lnk
    [2010/09/30 18:48:59 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin7.doc
    [2010/09/30 18:27:38 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Book1.xls
    [2010/09/29 21:36:35 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Nombre3.doc
    [2010/09/27 21:18:56 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Nombre2.doc
    [2010/09/26 16:00:30 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin6.doc
    [2010/09/26 12:38:17 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\https health.doc
    [2010/09/26 07:53:38 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Trees Letter to parents.doc
    [2010/09/23 17:09:13 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\James Collins\Desktop\Sid Meier's Civilization V - Demo.url
    [2010/09/22 20:28:20 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Hopes and Dreams.doc
    [2010/09/22 20:07:37 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Nombre1.doc
    [2010/09/21 22:00:46 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Nombre.doc
    [2010/09/21 20:53:51 | 000,011,749 | ---- | C] () -- C:\Documents and Settings\James Collins\Desktop\MVTHealthCheck_Deviation.html
    [2010/09/21 19:07:55 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Copy of generaltemplate 2011-2012.xls
    [2010/09/21 15:33:09 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\James Collins\.org.eclipse.epp.usagedata.recording.userId


    Rest of report to follow -file too long.

  7. #7
    Member
    Join Date
    Feb 2009
    Posts
    42

    Default OTL log part 2

    [2010/09/18 16:41:33 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\ser or estar.doc
    [2010/09/17 21:56:02 | 000,093,340 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/09/14 20:35:00 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Morning Kindergarten Weekly Schedule.doc
    [2010/09/14 18:20:51 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Hijazi Qs.doc
    [2010/09/13 20:06:12 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Querido Evan.doc
    [2010/09/06 13:57:18 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\APcomputersciences.doc
    [2010/09/05 16:54:05 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Master Grocery List.doc
    [2010/09/02 22:07:09 | 000,051,472 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\pace chart.rtf
    [2010/09/02 20:17:53 | 000,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
    [2010/09/01 18:20:38 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\James Collins\Desktop\Audacity.lnk
    [2010/09/01 17:37:23 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\James Collins\Application Data\Microsoft\Internet Explorer\Quick Launch\Pronto.lnk
    [2010/09/01 17:37:23 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Pronto.lnk
    [2010/08/30 14:18:12 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin5.doc
    [2010/08/29 13:44:27 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin3.doc
    [2010/08/27 19:18:11 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin4.doc
    [2010/08/27 18:54:58 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin2.doc
    [2010/08/27 18:24:48 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin1.doc
    [2010/08/27 14:32:42 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Ender's Game Paper 1.doc
    [2010/08/27 14:15:20 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Ender Paper.doc
    [2010/08/27 14:15:18 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Animal farm essay.doc
    [2010/08/27 13:46:56 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Odysseus Paper.doc
    [2010/08/26 20:49:48 | 002,373,712 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe
    [2010/08/26 13:21:48 | 000,000,635 | ---- | M] () -- C:\WINDOWS\SIERRA.INI
    [2010/08/24 14:57:38 | 000,386,712 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
    [2010/08/24 14:57:38 | 000,312,904 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
    [2010/08/24 14:57:38 | 000,152,992 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
    [2010/08/24 14:57:38 | 000,095,600 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
    [2010/08/24 14:57:38 | 000,088,544 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
    [2010/08/24 14:57:38 | 000,084,264 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
    [2010/08/24 14:57:38 | 000,084,072 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
    [2010/08/24 14:57:38 | 000,055,840 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
    [2010/08/24 14:57:38 | 000,052,104 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
    [2010/08/24 14:57:38 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
    [2010/08/20 09:33:13 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\James Collins\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/08/10 20:28:57 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Directions to Jim and Sue.doc
    [2010/08/10 17:19:55 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Keyterms.doc
    [2010/07/29 22:03:31 | 000,001,715 | ---- | M] () -- C:\Documents and Settings\James Collins\Application Data\Microsoft\Internet Explorer\Quick Launch\eMusic Download Manager.lnk
    [2010/07/26 22:19:46 | 000,000,989 | ---- | M] () -- C:\Documents and Settings\James Collins\Desktop\ZoomBrowser EX.lnk

    ========== Files Created - No Company Name ==========

    [2010/10/23 00:06:46 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/22 22:03:41 | 000,000,481 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\minerman.PNG
    [2010/10/20 21:27:58 | 000,000,585 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\MinecraftMan.PNG
    [2010/10/20 20:45:24 | 000,084,992 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Progress Report rubric kindergarten.doc
    [2010/10/19 21:07:57 | 000,000,531 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\neon.PNG
    [2010/10/19 21:07:14 | 000,006,198 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\neon.bmp
    [2010/10/16 14:55:21 | 000,000,331 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\green.PNG
    [2010/10/16 14:33:52 | 000,004,435 | ---- | C] () -- C:\Documents and Settings\James Collins\Desktop\Attach.zip
    [2010/10/16 14:20:32 | 000,000,604 | ---- | C] () -- C:\Documents and Settings\James Collins\Desktop\ERUNT.lnk
    [2010/10/14 18:27:20 | 000,691,032 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\pictures..docx
    [2010/10/11 15:46:34 | 000,017,069 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Health project.docx
    [2010/10/11 12:11:33 | 000,016,558 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Hiroshima Walking Tour.docx
    [2010/10/10 08:23:53 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\James Collins\Desktop\SpywareBlaster.lnk
    [2010/10/09 20:03:02 | 000,002,829 | ---- | C] () -- C:\WINDOWS\DiabUnin.pif
    [2010/10/09 20:03:01 | 000,009,969 | ---- | C] () -- C:\WINDOWS\DiabUnin.dat
    [2010/10/08 14:54:17 | 000,187,974 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Hiroshima.pptx
    [2010/10/07 21:54:34 | 000,010,082 | -H-- | C] () -- C:\Documents and Settings\James Collins\My Documents\ZbThumbnail.info
    [2010/10/02 17:52:54 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin8.doc
    [2010/10/02 12:03:24 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\Microsoft\Internet Explorer\Quick Launch\Crimson Editor.lnk
    [2010/09/30 18:48:59 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin7.doc
    [2010/09/30 18:27:38 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Book1.xls
    [2010/09/29 21:36:35 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Nombre3.doc
    [2010/09/27 21:18:56 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Nombre2.doc
    [2010/09/26 16:00:30 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin6.doc
    [2010/09/26 12:38:17 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\https health.doc
    [2010/09/26 07:53:38 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Trees Letter to parents.doc
    [2010/09/23 17:09:13 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\James Collins\Desktop\Sid Meier's Civilization V - Demo.url
    [2010/09/22 20:28:20 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Hopes and Dreams.doc
    [2010/09/22 20:07:37 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Nombre1.doc
    [2010/09/21 22:00:46 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Nombre.doc
    [2010/09/21 20:53:51 | 000,011,749 | ---- | C] () -- C:\Documents and Settings\James Collins\Desktop\MVTHealthCheck_Deviation.html
    [2010/09/21 19:07:55 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Copy of generaltemplate 2011-2012.xls
    [2010/09/21 15:33:09 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\James Collins\.org.eclipse.epp.usagedata.recording.userId
    [2010/09/18 16:41:33 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\ser or estar.doc
    [2010/09/18 10:30:44 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Anthem Movie.doc
    [2010/09/14 18:20:51 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Hijazi Qs.doc
    [2010/09/13 20:06:12 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Querido Evan.doc
    [2010/09/02 22:07:09 | 000,051,472 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\pace chart.rtf
    [2010/09/01 18:20:38 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\James Collins\Desktop\Audacity.lnk
    [2010/09/01 17:37:23 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\Microsoft\Internet Explorer\Quick Launch\Pronto.lnk
    [2010/09/01 17:37:23 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Pronto.lnk
    [2010/08/29 13:44:45 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\APcomputersciences.doc
    [2010/08/29 07:56:37 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Kindergarten Class List.doc2010-2011.doc
    [2010/08/28 17:05:39 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin5.doc
    [2010/08/27 17:36:58 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin4.doc
    [2010/08/26 23:00:36 | 000,246,776 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/08/23 18:08:13 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin3.doc
    [2010/08/16 16:56:35 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin2.doc
    [2010/08/15 11:46:58 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Animal farm essay.doc
    [2010/08/12 17:50:28 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin1.doc
    [2010/08/12 16:21:22 | 000,001,622 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Go.lnk
    [2010/08/11 18:40:50 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collins.doc
    [2010/08/10 20:17:10 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Directions to Jim and Sue.doc
    [2010/08/10 17:19:55 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Keyterms.doc
    [2010/08/08 12:41:04 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Ender's Game Paper 1.doc
    [2010/07/29 22:03:31 | 000,001,715 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\Microsoft\Internet Explorer\Quick Launch\eMusic Download Manager.lnk
    [2010/07/29 17:33:21 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Ender Paper.doc
    [2010/07/26 22:19:46 | 000,000,989 | ---- | C] () -- C:\Documents and Settings\James Collins\Desktop\ZoomBrowser EX.lnk
    [2010/07/24 14:34:13 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\ZBWallpaper_12.bmp
    [2010/07/24 14:32:17 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\ZBWallpaper_11.bmp
    [2010/07/23 19:33:40 | 001,327,158 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\ZBWallpaper_10.bmp
    [2010/07/20 18:13:39 | 1874,384,736 | ---- | C] () -- C:\Program Files\MSSetupv87.exe
    [2009/10/30 12:56:28 | 000,085,504 | ---- | C] () -- C:\Program Files\Inherit.exe
    [2009/08/30 20:34:10 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\ZBWallpaper_9.bmp
    [2009/08/03 08:59:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\webica.ini
    [2009/07/30 09:34:22 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\mk4vc60.dll
    [2008/11/24 16:56:24 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
    [2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
    [2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
    [2008/10/05 10:33:23 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\ZBWallpaper_8.bmp
    [2008/08/16 10:03:36 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\ZBWallpaper_7.bmp
    [2008/06/22 21:20:54 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\ZBWallpaper_6.bmp
    [2008/05/26 09:13:45 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2008/05/26 09:11:33 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\James Collins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/03/29 21:48:41 | 000,000,094 | -H-- | C] () -- C:\WINDOWS\System32\zbq_Q1ssg.ini
    [2008/03/11 16:40:46 | 000,137,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2008/03/11 16:40:45 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\PnkBstrK.sys
    [2008/03/05 20:28:15 | 000,000,253 | ---- | C] () -- C:\WINDOWS\CREATOR.INI
    [2008/03/02 17:41:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Darkstone.INI
    [2008/03/02 17:36:57 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\IYVU9_32.DLL
    [2008/01/12 10:51:12 | 000,000,155 | ---- | C] () -- C:\WINDOWS\hegames.ini
    [2008/01/12 10:29:25 | 000,000,181 | ---- | C] () -- C:\WINDOWS\civ.ini
    [2007/11/22 09:49:54 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\ZBWallpaper_5.bmp
    [2007/11/15 21:12:10 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2007/08/20 08:10:08 | 000,000,044 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
    [2007/07/17 09:00:18 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2007/07/17 09:00:18 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
    [2007/07/17 09:00:18 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
    [2007/07/17 08:59:59 | 000,000,635 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
    [2007/07/08 21:41:35 | 003,686,454 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\ZBWallpaper_4.bmp
    [2007/07/08 21:40:20 | 003,686,454 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\ZBWallpaper_3.bmp
    [2007/06/20 17:50:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
    [2007/05/20 12:45:29 | 000,009,008 | ---- | C] () -- C:\WINDOWS\wizards.ini
    [2007/05/11 21:10:53 | 003,632,694 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\ZBWallpaper_2.bmp
    [2007/05/11 20:32:14 | 003,686,454 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\ZBWallpaper_1.bmp
    [2007/02/09 16:35:33 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2007/01/24 19:00:17 | 000,005,651 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/12/15 20:40:09 | 003,686,454 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\ZBWallpaper.bmp
    [2006/11/12 17:21:46 | 000,000,178 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
    [2006/11/05 09:59:47 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
    [2006/11/04 19:49:27 | 000,040,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\sdcplh.sys
    [2006/10/21 10:25:21 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\dvd.bmk
    [2006/10/19 22:19:56 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2006/10/19 22:19:56 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\8B0739B6A5.sys
    [2006/10/19 21:06:56 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
    [2006/10/18 10:24:12 | 000,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
    [2006/10/18 09:38:27 | 000,000,032 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
    [2006/10/18 09:11:25 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\James Collins\Local Settings\Application Data\fusioncache.dat
    [2006/10/11 20:08:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/10/11 20:01:04 | 000,005,162 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/10/11 19:54:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/10/11 19:26:42 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/11/10 01:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2002/03/13 16:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll

    ========== LOP Check ==========

    [2008/10/17 15:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
    [2008/03/02 22:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Activision
    [2006/10/18 10:20:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2010/02/20 15:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
    [2010/02/20 23:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
    [2010/10/05 20:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\D-Link Toolbar
    [2005/08/16 20:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
    [2008/06/02 16:17:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dragon's Eye Productions
    [2008/01/24 16:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Earthsim
    [2009/12/06 20:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
    [2010/08/26 20:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
    [2009/03/21 21:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mevo
    [2008/08/28 16:14:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
    [2010/07/19 14:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
    [2006/10/20 16:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
    [2009/11/14 18:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
    [2008/12/07 10:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
    [2008/12/07 10:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
    [2010/07/28 16:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
    [2010/10/23 08:53:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RetroExp
    [2006/10/18 10:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2008/07/21 19:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2008/12/07 10:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2010/10/10 08:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/06/05 15:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valve
    [2007/04/12 19:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2009/07/28 20:36:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YoYoGames
    [2009/03/18 15:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2010/06/29 13:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/11 16:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2010/09/20 16:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\.minecraft
    [2008/09/27 20:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Amazon
    [2009/09/12 20:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Braid
    [2010/05/20 19:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Canon
    [2006/11/12 23:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\ChessBase
    [2010/02/20 15:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Cisco
    [2010/04/20 16:58:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Dev-Cpp
    [2008/01/24 11:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Earthsim
    [2010/03/29 09:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\eMusic
    [2010/06/22 08:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\GetRightToGo
    [2010/01/20 15:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\GR Games
    [2008/08/14 18:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\gtk-2.0
    [2010/09/01 17:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\HorizonWimba
    [2009/08/03 09:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\ICAClient
    [2009/07/03 20:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\id Software
    [2010/10/16 19:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\InstantAction
    [2010/06/05 17:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Lala Music Mover
    [2006/11/04 19:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Leadertech
    [2008/05/16 17:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\LEGO Company
    [2008/01/01 10:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\My Games
    [2006/10/20 16:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Otto
    [2010/06/28 13:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\OverDrive
    [2009/11/14 18:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\PACE Anti-Piracy
    [2010/06/23 13:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\PirateGalaxy
    [2010/09/14 17:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Processing
    [2009/11/04 20:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\runic games
    [2006/11/04 18:10:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\ScamBlocker
    [2006/10/18 10:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\ScanSoft
    [2009/10/01 18:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Sony
    [2009/10/01 18:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Sony Setup
    [2010/10/01 20:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Stella
    [2009/06/11 23:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\The Path
    [2010/09/03 16:25:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\TS3Client
    [2009/07/02 08:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Uniblue
    [2009/11/14 18:44:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Unity
    [2007/03/09 20:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Viewpoint
    [2010/10/05 19:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\VirtualStore
    [2009/03/08 14:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Windows Desktop Search
    [2009/03/23 09:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Windows Search
    [2010/10/17 13:20:00 | 000,000,480 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Scan (Weekly).job
    [2010/10/22 21:00:00 | 000,000,482 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Scan (zenjim).job
    [2010/10/17 10:41:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
    [2010/10/22 16:41:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
    [2010/10/22 22:41:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
    [2010/06/17 04:41:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
    [2010/10/16 10:30:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/02/20 23:43:20 | 000,122,147 | ---- | M] () -- C:\aaw7boot.log
    [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/10/23 00:34:09 | 000,000,638 | ---- | M] () -- C:\avenger.txt
    [2007/11/09 02:18:17 | 000,533,208 | ---- | M] ( ) -- C:\bonesaw.exe
    [2009/02/15 17:51:47 | 000,000,209 | ---- | M] () -- C:\Boot.bak
    [2009/11/26 12:13:38 | 000,000,279 | RHS- | M] () -- C:\boot.ini
    [2004/08/04 00:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/09/21 17:56:39 | 000,001,236 | ---- | M] () -- C:\debug.log
    [2009/09/22 20:01:34 | 000,035,931 | ---- | M] () -- C:\debugfile.txt
    [2006/10/11 19:31:48 | 000,006,919 | RH-- | M] () -- C:\dell.sdr
    [2008/03/29 21:48:06 | 000,000,183 | ---- | M] () -- C:\DownloadLog.txt
    [2008/04/11 11:07:18 | 000,003,820 | ---- | M] () -- C:\eula.1028.txt
    [2008/04/11 11:07:18 | 000,015,428 | ---- | M] () -- C:\eula.1031.txt
    [2008/04/11 11:07:18 | 000,010,058 | ---- | M] () -- C:\eula.1033.txt
    [2008/04/11 11:07:18 | 000,012,246 | ---- | M] () -- C:\eula.1036.txt
    [2008/04/11 11:07:18 | 000,013,912 | ---- | M] () -- C:\eula.1040.txt
    [2008/04/11 11:07:18 | 000,005,868 | ---- | M] () -- C:\eula.1041.txt
    [2008/04/11 11:07:18 | 000,005,970 | ---- | M] () -- C:\eula.1042.txt
    [2008/04/11 11:07:18 | 000,010,134 | ---- | M] () -- C:\eula.1049.txt
    [2008/04/11 11:07:18 | 000,003,814 | ---- | M] () -- C:\eula.2052.txt
    [2008/04/11 11:07:18 | 000,012,936 | ---- | M] () -- C:\eula.3082.txt
    [2007/12/20 21:43:23 | 000,000,000 | ---- | M] () -- C:\FileIn.Cns
    [2007/12/20 21:43:23 | 000,000,000 | ---- | M] () -- C:\FileOut.Cns
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2010/10/23 05:40:27 | 3219,038,208 | -HS- | M] () -- C:\hiberfil.sys
    [2006/10/19 22:16:04 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2008/04/11 09:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2008/04/11 09:03:48 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2008/04/11 09:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2008/04/11 09:03:48 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2008/04/11 09:03:48 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2008/04/11 09:03:48 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2008/04/11 09:03:48 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2008/04/11 09:03:48 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2008/04/11 11:09:24 | 000,093,200 | ---- | M] (Microsoft Corporation) -- C:\install.res.1049.dll
    [2008/04/11 09:03:48 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2008/04/11 09:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2005/08/16 04:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2007/05/30 16:42:44 | 000,002,891 | -H-- | M] () -- C:\IPH.PH
    [2009/10/30 17:48:58 | 000,057,768 | ---- | M] () -- C:\log.txt
    [2005/08/16 04:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2004/08/10 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/08/26 06:13:35 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/10/23 05:40:21 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
    [2008/06/10 18:52:45 | 000,000,000 | ---- | M] () -- C:\report.txt
    [2006/10/11 19:56:14 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2008/04/11 11:09:38 | 003,797,292 | ---- | M] () -- C:\VC_RED.cab
    [2008/04/11 11:11:40 | 000,233,472 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2005/08/16 04:42:12 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/05/01 01:00:00 | 000,022,528 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD87.DLL
    [2006/05/01 13:00:00 | 000,065,024 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP87.DLL
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/10/30 12:56:29 | 000,085,504 | ---- | M] () -- C:\Program Files\Inherit.exe
    [2010/07/20 18:51:36 | 1874,384,736 | ---- | M] () -- C:\Program Files\MSSetupv87.exe
    [2008/03/15 09:58:28 | 000,774,144 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
    [2006/10/19 21:06:56 | 000,000,251 | ---- | M] () -- C:\Program Files\wt3d.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2005/08/16 04:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2005/08/16 04:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2005/08/16 04:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/08/26 06:18:28 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >
    [2006/10/11 19:51:00 | 000,492,096 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\TRANSFORMS=1033.mst

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2008/12/04 10:14:09 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\James Collins\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2008/08/26 19:57:30 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\James Collins\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2009/02/24 22:37:07 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\James Collins\Desktop\ATF-Cleaner.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2010/04/20 17:04:09 | 000,474,990 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Untitled1.exe

    < %USERPROFILE%\*.exe >
    [2010/02/20 23:09:06 | 000,061,224 | ---- | M] () -- C:\Documents and Settings\James Collins\GoToAssistDownloadHelper.exe

    < %systemroot%\ADDINS\*.* >
    [2004/08/10 05:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/08/26 19:57:31 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\James Collins\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/10/23 08:44:15 | 000,049,152 | -HS- | M] () -- C:\Documents and Settings\James Collins\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.exe >
    [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < %USERPROFILE%\Templates\*.tmp >

    < %SYSTEMDRIVE%\explorexxx.exe\*.* >

    < %Windir%\Installer\*.tmp >
    [2 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

    < %systemroot%\System32\*.xco >

    < %ProgramFiles%\system32\*.* >

    < %systemroot%\System32\windos\*.* >

    < %SystemRoot%\system32\sandbox\*.* >

    < %SystemRoot%\system32\*.amo >

    < %SystemRoot%\system32\Windows Live\*.* >

    < %ProgramFiles%\logs\*.* >

    < %ProgramFiles%\Bifrost\*.* >

    < %SystemRoot%\system32\*.goo >

    < %systemroot%\system32\IME\*.* >

    < %systemroot%\BackUp\*.* >

    < %systemroot%\system32\*.ico >

    < %systemroot%\system\*.dat >

    < %systemroot%\system\*.exe >

    < %AppData%\Macromedia\Common\*.* >

    < %SYSTEMDRIVE%\dir\*.* /s >

    < %systemroot%\system32\ras\*.exe >

    < %SYSTEMDRIVE%\MFILES\*.* >

    < %SYSTEMDRIVE%\mDNSRespon.exe\*.* >

    < %systemroot%\system32\services\*.* >

    < %systemroot%\Spooler\*.* >

    < %ProgramFiles%\system32\*.* >

    < %systemroot%\system32\Setup\*.dll /x >

    < %systemroot%\system32\*.mine >

    < %SYSTEMDRIVE%\cleansweep.exe\*.* >

    < %systemroot%\system32\ras\*.dll >

    < %systemroot%\system32\ras\*.drv >

    < %systemroot%\*.iq >

    < %systemroot%\system32\XP\*.* >

    < %SYSTEMDRIVE%\Extracted\*.* >

    < %systemroot%\system32\windows\*.* >

    < %systemroot%\logs\*.* >
    [2010/09/23 20:17:52 | 000,536,218 | ---- | M] () -- C:\WINDOWS\Logs\DirectX.log
    [2010/09/23 20:17:17 | 000,000,504 | ---- | M] () -- C:\WINDOWS\Logs\DXError.log

  8. #8
    Member
    Join Date
    Feb 2009
    Posts
    42

    Default OTL log part 3

    < %SYSTEMDRIVE%\Win.Msi\*.* >

    < %systemroot%\regedit\*.* >

    < %systemroot%\system32\skype\*.* >

    < %AppData%\Adobe\dlluplwin25\*.* >

    < %UserProfile%\*.dat >
    [2010/10/16 13:05:00 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\James Collins\jagex_runescape_preferences.dat
    [2010/10/16 12:31:13 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\James Collins\jagex_runescape_preferences2.dat
    [2010/10/05 22:17:22 | 000,000,050 | ---- | M] () -- C:\Documents and Settings\James Collins\jagex__preferences3.dat
    [2010/10/23 08:43:22 | 014,942,208 | ---- | M] () -- C:\Documents and Settings\James Collins\ntuser.dat

    < %UserProfile%\*.dll >

    < %systemroot%\system32\*.sxo >

    < %SYSTEMDRIVE%\Gazma\*.* /s >

    < %systemroot%\system32\spynet\*.* >

    < %systemroot%\system32\System\*.* >

    < %appdata%\Microsoft\Windows\*.* >

    < %systemroot%\system32\WinDir\*.* >

    < %systemroot%\_\*.* >

    < %systemroot%\system32\windows32\*.* >

    < %ProgramFiles%\win\*.* >

    < %AppData%\Microsoft\CD Burning\*.* >

    < %systemroot%\*.cab >

    < %systemroot%\K.Backup\*.* >

    < %ProgramFiles%\Massenger\*.* >

    < %systemroot%\System32\*.doc >

    < %systemroot%\Office12\*.* >

    < %systemroot%\System32\Rundl32.exe\*.* >

    < %ProgramFiles%\yahoo.net\*.* >

    < %systemroot%\system32\*.igo >

    < %systemroot%\*.rew >

    < %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >
    [2006/05/01 13:00:00 | 000,006,144 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMSE87.EXE

    < %USERPROFILE%\.COMMgr\*.* >

    < %USERPROFILE%\Desktop\*.bat >

    < %PROGRAMFILES%\Common Files\Real\visualizations\*.* >
    [2007/01/12 00:33:05 | 000,043,008 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Visualizations\Annabelle.rpv
    [2007/01/12 00:33:05 | 000,080,384 | ---- | M] () -- C:\Program Files\Common Files\Real\Visualizations\CosmicBelt.rpv
    [2007/01/12 00:33:05 | 000,007,168 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Visualizations\Fire.rpv
    [2007/01/12 00:33:05 | 000,007,680 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Visualizations\FreqBands.rpv
    [2007/01/12 00:33:05 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Real\Visualizations\Nebula.rpv

    < %PROGRAMFILES%\Internet Explorer\*.Jmp >

    < %PROGRAMFILES%\Windows NT\system\*.dll >

    < %systemroot%\system32\*.ext >

    < %systemroot%\system32\Com\*.cfg >

    < %systemroot%\system32\btz\*.* >

    < %systemroot%\system32\EMP\*.* >

    < %systemroot%\system32\expo\*.* >

    < %systemroot%\system32\inet2\*.* >

    < %systemroot%\system32\xrem\*.* >

    < %ProgramFiles%\Microsoft\*.* >

    < %systemroot%\usgwmt\*.* >

    < %ProgramFiles%\B\*.* >

    < %SYSTEMDRIVE%\lspp\*.* >

    < %systemroot%\Kral\*.* >

    < %SYSTEMDRIVE%\windowsdvd.exe\*.* >

    < %systemroot%\system32\*.ipo >

    < %SYSTEMDRIVE%\usxxxxxxxx.exe\*.* >

    < %systemroot%\system32\*.mof >

    < %systemroot%\*.atm >

    < %systemroot%\system32\svhost\*.* >

    < %ProgramFiles%\system32\*.* >

    < %ProgramFiles%\Docmentt\*.* >

    < %systemroot%\Help\*.vbs >

    < %ProgramFiles%\Windows WinSxs\*.* /s >

    < %ProgramFiles%\Outlook Express\IDT\*.* /s >

    < %ProgramFiles%\Microsoft Office\365\*.* /s >

    < %ProgramFiles%\Windows Live\*.* >

    < %systemroot%\system32\win32\*.* >

    < %SYSTEMDRIVE%\RECYCLER\*.* >

    < %systemroot%\Fresh1\*.* >

    < %ProgramFiles%\Kekj\*.* /s >

    < %systemroot%\GDU\*.* >

    < %systemroot%\KA\*.* >

    < %systemroot%\R\*.* >

    < %systemroot%\system32\*.fyo >

    < %USERPROFILE%\System\*.* >

    < %systemroot%\Source\*.* >

    < %systemroot%\system32\ac\*.* >

    < %ProgramFiles%\MSDN\*.* >

    < %AppData%\AdobeUM\winvcldll54\*.* /s >

    < %ProgramFiles%\Internet Explorer\*.ico >

    < %systemroot%\system32\*.ojo >

    < %systemroot%\system32\d323s\*.* >

    < %systemroot%\system32\re\*.* >

    < %UserProfile%\Microsoft\*.dll >

    < %UserProfile%\Microsoft\*.log >

    < %systemroot%\Bios\*.* >

    < %ProgramFiles%\Spool\*.* >

    < %ProgramFiles%\promp3\*.* >

    < %SYSTEMDRIVE%\Driver\*.* /s >

    < %SYSTEMDRIVE%\inetserver.exe\*.* >

    < %systemroot%\java\trustlib\*.* >

    < %ProgramFiles%\Common Files\designer\*.exe >

    < %ProgramFiles%\*. >
    [2008/09/15 15:40:50 | 000,000,000 | ---D | M] -- C:\Program Files\001
    [2008/09/09 15:58:47 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
    [2010/01/13 08:20:39 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
    [2009/07/31 14:38:09 | 000,000,000 | ---D | M] -- C:\Program Files\Adventure 2600 Reboot
    [2009/07/27 09:45:49 | 000,000,000 | ---D | M] -- C:\Program Files\AGD Interactive
    [2010/03/12 18:39:01 | 000,000,000 | ---D | M] -- C:\Program Files\AGEIA Technologies
    [2009/08/22 11:25:45 | 000,000,000 | ---D | M] -- C:\Program Files\Algodoo Phun Edition
    [2008/09/27 20:42:47 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon
    [2009/06/22 10:39:23 | 000,000,000 | ---D | M] -- C:\Program Files\And Yet It Moves Demo
    [2009/08/22 11:23:06 | 000,000,000 | ---D | M] -- C:\Program Files\Any Video Converter
    [2010/06/29 13:10:38 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
    [2010/05/21 16:57:30 | 000,000,000 | ---D | M] -- C:\Program Files\Aquaria
    [2009/01/03 20:28:36 | 000,000,000 | ---D | M] -- C:\Program Files\AquariaDemo
    [2006/10/18 10:22:37 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
    [2009/10/24 14:41:31 | 000,000,000 | ---D | M] -- C:\Program Files\Atari
    [2010/10/22 23:37:42 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
    [2010/09/01 18:20:38 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity
    [2006/10/11 20:02:06 | 000,000,000 | ---D | M] -- C:\Program Files\BAE
    [2008/07/09 17:19:47 | 000,000,000 | ---D | M] -- C:\Program Files\Baldur's Gate 2 Demo
    [2009/08/22 11:26:52 | 000,000,000 | ---D | M] -- C:\Program Files\Ben There Dan That
    [2006/10/21 17:42:32 | 000,000,000 | ---D | M] -- C:\Program Files\Bethesda Softworks
    [2008/07/09 17:18:32 | 000,000,000 | ---D | M] -- C:\Program Files\Black Isle
    [2010/06/29 13:08:29 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
    [2010/06/05 17:46:17 | 000,000,000 | ---D | M] -- C:\Program Files\Broderbund
    [2006/10/28 16:38:58 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
    [2006/10/18 10:20:31 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
    [2010/09/03 09:29:07 | 000,000,000 | ---D | M] -- C:\Program Files\Cave Story Deluxe
    [2006/11/12 23:31:04 | 000,000,000 | ---D | M] -- C:\Program Files\ChessBase
    [2010/02/20 15:01:24 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco
    [2009/06/29 08:41:04 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco Systems
    [2010/02/20 23:09:11 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
    [2008/03/19 19:03:59 | 000,000,000 | ---D | M] -- C:\Program Files\City of Heroes
    [2008/08/24 11:39:27 | 000,000,000 | ---D | M] -- C:\Program Files\Cloud
    [2007/05/15 17:36:29 | 000,000,000 | ---D | M] -- C:\Program Files\Colorizer
    [2008/12/07 09:59:35 | 000,000,000 | ---D | M] -- C:\Program Files\Commando Xenidis
    [2010/10/10 20:10:27 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
    [2005/08/16 04:38:36 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
    [2006/10/11 19:33:36 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
    [2006/10/11 19:58:35 | 000,000,000 | ---D | M] -- C:\Program Files\Corel Corporation
    [2010/06/05 17:29:12 | 000,000,000 | ---D | M] -- C:\Program Files\Coupons
    [2009/02/17 19:56:12 | 000,000,000 | ---D | M] -- C:\Program Files\Crayon Physics Deluxe Demo
    [2010/10/02 12:04:21 | 000,000,000 | ---D | M] -- C:\Program Files\Crimson Editor
    [2010/10/05 20:34:42 | 000,000,000 | ---D | M] -- C:\Program Files\D-Link Toolbar
    [2008/11/07 22:21:09 | 000,000,000 | ---D | M] -- C:\Program Files\Data Realms
    [2008/12/07 10:06:41 | 000,000,000 | ---D | M] -- C:\Program Files\De Blob
    [2008/12/07 09:59:32 | 000,000,000 | ---D | M] -- C:\Program Files\Death Illustrated
    [2009/01/01 17:57:05 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
    [2006/10/11 20:04:45 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support
    [2008/12/07 10:47:16 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
    [2006/10/11 19:52:08 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
    [2008/01/29 16:54:52 | 000,000,000 | ---D | M] -- C:\Program Files\DIGStream
    [2007/07/17 08:36:40 | 000,000,000 | ---D | M] -- C:\Program Files\directx
    [2010/10/10 19:39:25 | 000,000,000 | ---D | M] -- C:\Program Files\DOSBox-0.73
    [2009/07/30 09:35:24 | 000,000,000 | ---D | M] -- C:\Program Files\DROD
    [2010/05/31 13:38:48 | 000,000,000 | ---D | M] -- C:\Program Files\DTF
    [2009/06/22 10:41:16 | 000,000,000 | ---D | M] -- C:\Program Files\Dyson
    [2009/04/28 15:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\EA Games
    [2007/01/01 19:40:11 | 000,000,000 | ---D | M] -- C:\Program Files\EarthLink TotalAccess
    [2009/08/22 11:36:05 | 000,000,000 | ---D | M] -- C:\Program Files\eGames
    [2009/06/22 10:41:57 | 000,000,000 | ---D | M] -- C:\Program Files\Egoboo
    [2010/07/29 22:03:31 | 000,000,000 | ---D | M] -- C:\Program Files\eMusic Download Manager
    [2005/08/16 20:51:50 | 000,000,000 | ---D | M] -- C:\Program Files\EnglishOtto
    [2009/10/25 09:20:05 | 000,000,000 | ---D | M] -- C:\Program Files\ERUNT
    [2005/08/16 20:54:50 | 000,000,000 | ---D | M] -- C:\Program Files\ESPNMotion
    [2006/12/28 19:20:32 | 000,000,000 | ---D | M] -- C:\Program Files\Firaxis Games
    [2008/12/07 10:06:43 | 000,000,000 | ---D | M] -- C:\Program Files\Frets on Fire
    [2008/07/23 20:39:01 | 000,000,000 | ---D | M] -- C:\Program Files\Funcom
    [2009/04/02 06:25:33 | 000,000,000 | ---D | M] -- C:\Program Files\GALA-NET
    [2008/09/27 21:01:52 | 000,000,000 | ---D | M] -- C:\Program Files\GamesCampus
    [2008/12/07 10:06:44 | 000,000,000 | ---D | M] -- C:\Program Files\GameSpy Arcade
    [2009/07/20 11:02:33 | 000,000,000 | ---D | M] -- C:\Program Files\Game_Maker7
    [2009/01/03 20:39:29 | 000,000,000 | ---D | M] -- C:\Program Files\GemMaster
    [2009/01/03 20:36:32 | 000,000,000 | ---D | M] -- C:\Program Files\Glow
    [2010/08/17 17:27:02 | 000,000,000 | ---D | M] -- C:\Program Files\GOG.com
    [2010/06/05 17:33:59 | 000,000,000 | ---D | M] -- C:\Program Files\Google
    [2010/06/22 11:17:03 | 000,000,000 | ---D | M] -- C:\Program Files\Guild Wars
    [2010/05/21 19:42:19 | 000,000,000 | ---D | M] -- C:\Program Files\HisDarkMajesty
    [2008/06/04 20:28:44 | 000,000,000 | ---D | M] -- C:\Program Files\illiminable
    [2008/09/27 21:06:41 | 000,000,000 | ---D | M] -- C:\Program Files\Infogrames Interactive
    [2010/10/09 16:45:06 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
    [2010/08/22 21:06:53 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
    [2006/10/11 19:51:59 | 000,000,000 | ---D | M] -- C:\Program Files\InterActual
    [2010/10/12 15:41:04 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
    [2010/09/19 09:25:21 | 000,000,000 | ---D | M] -- C:\Program Files\Iomega
    [2010/06/29 13:13:25 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
    [2010/06/29 13:13:51 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
    [2010/09/02 07:15:45 | 000,000,000 | ---D | M] -- C:\Program Files\Java
    [2007/07/17 08:36:03 | 000,000,000 | ---D | M] -- C:\Program Files\KONAMI Software
    [2009/01/03 20:29:59 | 000,000,000 | ---D | M] -- C:\Program Files\LEGO Company
    [2007/07/18 14:11:20 | 000,000,000 | ---D | M] -- C:\Program Files\LEGO Media
    [2010/09/03 22:09:48 | 000,000,000 | ---D | M] -- C:\Program Files\LP Recorder
    [2007/08/19 11:54:42 | 000,000,000 | ---D | M] -- C:\Program Files\LP Ripper
    [2009/01/03 20:19:24 | 000,000,000 | ---D | M] -- C:\Program Files\LucasArts
    [2009/01/03 20:36:02 | 000,000,000 | ---D | M] -- C:\Program Files\Magebane2
    [2010/10/23 00:06:46 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2007/08/20 08:11:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mattel Media
    [2010/09/21 20:37:13 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
    [2010/06/27 10:38:18 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan
    [2010/08/27 09:06:43 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee.com
    [2008/08/26 06:30:53 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
    [2010/10/08 23:51:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
    [2006/11/04 08:58:28 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Agent
    [2010/10/07 20:39:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Analysis Services
    [2008/12/07 10:02:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [2010/03/07 11:44:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Chart Controls
    [2005/08/16 04:43:46 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
    [2009/01/03 20:22:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
    [2010/10/07 20:45:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
    [2006/10/11 19:55:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Digital Media Edition
    [2006/10/11 19:55:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Photo Story 2 LE
    [2010/10/18 22:19:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
    [2006/10/11 19:53:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
    [2010/10/08 23:51:17 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
    [2006/10/21 17:33:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works Suite 99
    [2009/08/01 09:52:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft XNA
    [2010/10/08 23:51:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
    [2006/10/11 19:52:03 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Helper
    [2010/08/11 23:01:24 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
    [2010/10/22 23:34:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
    [2009/03/08 14:40:39 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
    [2009/01/12 23:57:44 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
    [2005/08/16 04:37:22 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
    [2005/08/16 04:37:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
    [2006/10/21 17:35:41 | 000,000,000 | ---D | M] -- C:\Program Files\MSWorks
    [2006/11/19 22:43:59 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
    [2010/09/12 15:52:11 | 000,000,000 | ---D | M] -- C:\Program Files\Musette
    [2009/08/22 11:32:39 | 000,000,000 | ---D | M] -- C:\Program Files\MusicLab
    [2008/04/13 20:31:23 | 000,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
    [2009/06/22 10:44:24 | 000,000,000 | ---D | M] -- C:\Program Files\NCSoft
    [2007/07/13 20:47:35 | 000,000,000 | ---D | M] -- C:\Program Files\Netflix
    [2008/08/26 06:15:14 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
    [2006/10/11 19:52:14 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
    [2008/10/28 16:39:41 | 000,000,000 | ---D | M] -- C:\Program Files\Notrium
    [2008/04/13 20:21:26 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
    [2009/03/21 21:28:56 | 000,000,000 | ---D | M] -- C:\Program Files\OpenAL
    [2009/01/03 20:33:41 | 000,000,000 | ---D | M] -- C:\Program Files\Outbreak
    [2010/05/12 08:59:29 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
    [2010/06/28 10:31:38 | 000,000,000 | ---D | M] -- C:\Program Files\OverDrive Media Console
    [2009/04/05 17:14:43 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
    [2009/07/02 18:20:38 | 000,000,000 | ---D | M] -- C:\Program Files\Pekka Kana 2
    [2009/01/03 20:26:14 | 000,000,000 | ---D | M] -- C:\Program Files\PentaFlux
    [2010/09/18 14:45:40 | 000,000,000 | ---D | M] -- C:\Program Files\Penumbra Overture
    [2009/01/04 16:48:40 | 000,000,000 | ---D | M] -- C:\Program Files\Perfect World Entertainment
    [2009/01/03 20:37:11 | 000,000,000 | ---D | M] -- C:\Program Files\Phun
    [2009/08/22 11:35:12 | 000,000,000 | ---D | M] -- C:\Program Files\Polychromatic Funk Monkey
    [2008/10/26 08:49:26 | 000,000,000 | ---D | M] -- C:\Program Files\Project64 1.6
    [2010/06/29 13:11:50 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
    [2008/03/15 09:58:25 | 000,000,000 | ---D | M] -- C:\Program Files\Real
    [2009/03/08 14:40:31 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
    [2008/10/12 21:17:37 | 000,000,000 | ---D | M] -- C:\Program Files\ReflexiveArcade
    [2010/09/19 09:52:59 | 000,000,000 | ---D | M] -- C:\Program Files\Retrospect
    [2010/05/06 22:04:19 | 000,000,000 | ---D | M] -- C:\Program Files\RGB
    [2009/01/03 20:37:00 | 000,000,000 | ---D | M] -- C:\Program Files\ROM CHECK FAIL
    [2009/10/24 16:13:11 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
    [2009/01/03 20:29:19 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
    [2010/05/09 11:38:52 | 000,000,000 | ---D | M] -- C:\Program Files\Samorost2
    [2006/10/18 10:23:42 | 000,000,000 | ---D | M] -- C:\Program Files\ScanSoft
    [2010/06/12 13:36:18 | 000,000,000 | ---D | M] -- C:\Program Files\Scratch
    [2010/08/25 18:15:40 | 000,000,000 | ---D | M] -- C:\Program Files\Sierra On-Line
    [2006/10/11 19:48:16 | 000,000,000 | ---D | M] -- C:\Program Files\Sigmatel
    [2006/10/11 20:02:05 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
    [2010/08/12 16:20:15 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
    [2010/09/21 17:55:41 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Media Go Install
    [2009/06/02 21:40:27 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Setup
    [2010/06/05 17:47:41 | 000,000,000 | ---D | M] -- C:\Program Files\Sparkplay Media
    [2010/10/09 20:34:49 | 000,000,000 | ---D | M] -- C:\Program Files\Spawn
    [2009/08/22 11:36:43 | 000,000,000 | ---D | M] -- C:\Program Files\Spooky Castle
    [2010/04/02 17:08:05 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
    [2010/10/10 08:25:59 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
    [2010/06/05 17:48:19 | 000,000,000 | ---D | M] -- C:\Program Files\Starcraft
    [2010/10/01 20:27:05 | 000,000,000 | ---D | M] -- C:\Program Files\Stella
    [2009/01/03 20:26:36 | 000,000,000 | ---D | M] -- C:\Program Files\Strange Attractors 2
    [2007/11/12 12:38:33 | 000,000,000 | ---D | M] -- C:\Program Files\Strategy First
    [2009/06/22 10:46:31 | 000,000,000 | ---D | M] -- C:\Program Files\Supreme Demo
    [2009/01/03 20:39:37 | 000,000,000 | ---D | M] -- C:\Program Files\Swarm Racer
    [2008/11/22 19:20:30 | 000,000,000 | ---D | M] -- C:\Program Files\Tale of Tales
    [2010/09/03 16:23:02 | 000,000,000 | ---D | M] -- C:\Program Files\TeamSpeak 3 Client
    [2009/08/22 11:38:03 | 000,000,000 | ---D | M] -- C:\Program Files\Telltale Games
    [2008/04/13 20:33:25 | 000,000,000 | ---D | M] -- C:\Program Files\The Weather Channel FW
    [2009/02/15 13:08:05 | 000,000,000 | ---D | M] -- C:\Program Files\Three Rings Design
    [2010/07/22 21:56:53 | 000,000,000 | ---D | M] -- C:\Program Files\Totally Tiny Arcade
    [2009/02/21 16:22:06 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
    [2010/06/05 17:49:55 | 000,000,000 | ---D | M] -- C:\Program Files\Turbine
    [2009/06/22 10:46:04 | 000,000,000 | ---D | M] -- C:\Program Files\Twisted Pixel
    [2005/08/16 04:50:18 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
    [2010/06/05 17:50:08 | 000,000,000 | ---D | M] -- C:\Program Files\Unity
    [2008/09/27 19:20:24 | 000,000,000 | ---D | M] -- C:\Program Files\VDMSound
    [2007/04/12 19:08:44 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
    [2009/09/20 14:18:24 | 000,000,000 | ---D | M] -- C:\Program Files\Web Publish
    [2006/10/11 19:56:23 | 000,000,000 | ---D | M] -- C:\Program Files\WildTangent
    [2010/09/01 17:37:19 | 000,000,000 | ---D | M] -- C:\Program Files\Wimba
    [2010/05/31 13:41:44 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
    [2009/06/09 22:33:22 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
    [2007/01/20 13:24:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
    [2007/01/20 13:24:10 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
    [2008/08/26 06:15:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
    [2005/08/16 04:37:56 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Plus
    [2009/11/14 18:44:12 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
    [2010/09/11 20:36:33 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
    [2008/08/21 11:56:44 | 000,000,000 | ---D | M] -- C:\Program Files\Wizards of the Coast
    [2010/05/05 19:52:18 | 000,000,000 | ---D | M] -- C:\Program Files\WorldOfGoo
    [2005/08/16 04:43:46 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
    [2009/01/03 20:40:50 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
    [2009/01/03 20:37:37 | 000,000,000 | ---D | M] -- C:\Program Files\ZC2.10

    < %systemroot%\system32\*.tso >

    < %ALLUSERSPROFILE%\Documents\Server\*.* >

    < %systemroot%\*.pif >
    [2010/10/09 20:34:49 | 000,002,829 | ---- | M] () -- C:\WINDOWS\DiabUnin.pif
    [2004/08/10 05:00:00 | 000,000,707 | ---- | M] () -- C:\WINDOWS\_default.pif

    < %systemroot%\system32\n7533\*.* >

    < %systemroot%\Us18336\*.* >

    < %systemroot%\system32\*.zip >

    < %systemroot%\system32\*.wgo >

    < %systemroot%\system32\dllcache\*.com >

    < %systemroot%\system32\dllchache\*.* >

    < %systemroot%\system32\038840\*.* >

    < %systemroot%\system32\13E92A\*.* >

    < %systemroot%\system32\1CB5AD\*.* >

    < %systemroot%\system32\52682A\*.* >

    < %USERPROFILE%\My Documents\*.htm >

    < %SYSTEMDRIVE%\Mr_CF\*.* >

    < %USERPROFILE%\My Documents\*.dll >

    < %USERPROFILE%\My Documents\*.ccc >

    < %systemroot%\system32\Sis\*.* >

    < %systemroot%\Microsft\*.* >

    < %SYSTEMDRIVE%\driverwinx.exe\*.* >

    < %systemroot%\BifroXx\*.* >

    < %SYSTEMDRIVE%\TSTP\*.* >

    < %systemroot%\winsn\*.* >

    < %ProgramFiles%\windata\*.* >

    < %SYSTEMDRIVE%\msixxxxxxx.exe\*.* >

    < %systemroot%\system32\*.sao >

    < %systemroot%\system32\*.iem >

    < %systemroot%\system32\*.mdd >

    < %systemroot%\system32\*.wlo >

    < %systemroot%\system32\*.skn >

    < %SYSTEMDRIVE%\Winup\*.* >

    < %SYSTEMDRIVE%\test\*.* >

    < %systemroot%\system32\med\*.* >

    < %systemroot%\Bifrost\*.* >

    < %systemroot%\system32\explorer.exe\*.* >

    < %UserProfile%\UserData\*.dat /x >

    < %SYSTEMDRIVE%\Arquivo de programas\*.* >

    < %ProgramFiles%\tcpview\*.* >

    < %systemroot%\system32\*.lyo >

    < %ProgramFiles%\huanbang2\*.* >

    < %systemroot%\winhuanbang\*.* >

    < %systemroot%\minrsv.ini\*.* >

    < %systemroot%\assembly\GAC\*.* >

    < %AppData%\Adobe\crtmswin91\*.* >

    < %ProgramFiles%\Windows NT\Accessories\*.exe >
    [2010/07/12 08:55:03 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe

    < %systemroot%\system32\*.pdo >

    < %SYSTEMDRIVE%\APPDATASH\*.* >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-12 19:44:05

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 949 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:oPhYZIJ3SwQ2H9ln3G
    @Alternate Data Stream - 174 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7BC7E6BA
    @Alternate Data Stream - 1166 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:VAVTpNVQ3SvqtskVATukE
    @Alternate Data Stream - 1145 bytes -> C:\Program Files\Common Files\System:og3C3uS13nUFIlEOeO5LiZnXF3
    @Alternate Data Stream - 1066 bytes -> C:\Documents and Settings\James Collins\Cookies:rX1eneHKGZnELaNG4ps6

    < End of report >

  9. #9
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    14,820

    Default

    Hi,

    I am not really looking at anything earth shattering on your log.

    Go to your Add Remove Programs in the Control Panel and uninstall Viewpoint, it installs without your knowledge or consent, is considered Adware, uses system resources and is not needed for anything.



    You need to enable windows to show all files and folders, instructions Here

    Go to VirusTotal and submit this file for analysis, just use the browse feature and then Send File, you will get a report back, post the report into this thread for me to see. If the site says this file has been checked before, have them check it again


    C:\WINDOWS\System32\drivers\goyxxt.sys <--This file

    If the site is busy you can try this one

    http://virusscan.jotti.org/en






    Please run this free online virus scanner from ESET
    • Note: You will need to use Internet explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Click Start
    • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
    • Click Scan
    • Wait for the scan to finish
    • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic




    That windows installer problem may just be a plain old windows problem, lets see what then next two scans find and if there clean I can link you to a windows forum to resolve the installer problem
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  10. #10
    Member
    Join Date
    Feb 2009
    Posts
    42

    Default Log

    Following is Eset scan log.

    Followed directions to show all hidden files, but could not find goyxxt.sys in C:\WINDOWS\Sytem32\drivers\ so did not run VirusTotal program.

    Thank you.

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=c21d944186afb548acd77a53cb95f714
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-10-25 03:28:57
    # local_time=2010-10-24 11:28:57 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 52635321 52635321 0 0
    # compatibility_mode=5121 16777173 100 75 0 17119967 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=285070
    # found=2
    # cleaned=2
    # scan_time=11489
    C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\setup.exe probably a variant of Win32/Agent.HZHBURL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP334\A0072450.exe probably a variant of Win32/Agent.HZHBURL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •