OTL logfile created on: 8/27/2009 11:37:09 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Gerald\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1022.09 Mb Total Physical Memory | 589.12 Mb Available Physical Memory | 57.64% Memory free
2.40 Gb Paging File | 1.99 Gb Available in Paging File | 82.78% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 283.42 Gb Free Space | 95.08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 250.95 Mb Total Space | 169.93 Mb Free Space | 67.71% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BARKEYS-1BA1A60
Current User Name: Gerald
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\WINDOWS\System32\Ati2evxx.exe ()
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\LDCM\bin\IIDS.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\cba\pds.exe (Intel Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
PRC - C:\Program Files\Intel\LDCM\Bin\USM.exe (Intel Corporation)
PRC - C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe (Intel Corporation)
PRC - C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
PRC - C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
PRC - C:\Program Files\McAfee\Anti-Theft\McPvTray.exe (McAfee)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
PRC - C:\WINDOWS\System32\cba\xfr.exe (Intel Corporation)
PRC - C:\Program Files\Intel\LDCM\bin\ssm.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\MsgSys.EXE (Intel Corporation)
PRC - C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\WINDOWS\System32\dlcxcoms.exe ( )
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)
PRC - c:\program files\logitech\quickcam\lu\lulnchr.exe (Logitech, Inc.)
PRC - c:\program files\logitech\quickcam\lu\LogitechUpdate.exe (Logitech, Inc.)
PRC - C:\Documents and Settings\Gerald\Desktop\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe ()
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\System32\ati2sgag.exe ()
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ddnsfilter [Auto | Start_Pending]) -- C:\Program Files\DDnsFilter\DDnsFilter.dll ()
SRV - (dlcx_device [On_Demand | Running]) -- C:\WINDOWS\System32\dlcxcoms.exe ( )
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IAANTMon [Auto | Running]) -- C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe (Intel Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (Intel File Transfer [Auto | Running]) -- C:\WINDOWS\System32\cba\xfr.exe (Intel Corporation)
SRV - (Intel IIDS [Auto | Running]) -- C:\Program Files\Intel\LDCM\bin\IIDS.exe (Intel Corporation)
SRV - (Intel PDS [Auto | Running]) -- C:\WINDOWS\System32\cba\pds.exe (Intel Corporation)
SRV - (Intel SSM [Auto | Running]) -- C:\Program Files\Intel\LDCM\bin\ssm.exe (Intel Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LVCOMSer [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (LVPrcSrv [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (McAfee SiteAdvisor Service [Auto | Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [Disabled | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSK80Service [Auto | Running]) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (TMA Distribution [Auto | Stopped]) -- C:\WINDOWS\System32\cba\lcfinst.exe ()
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
========== Driver Services (SafeList) ==========
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (b57w2k [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (ctsfm2k [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)
DRV - (DnsFilter [System | Running]) -- C:\WINDOWS\System32\drivers\DnsFilter.sys (DnsFilter)
DRV - (FilterService [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys (Logitech Inc.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (iastor [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (IntelC51 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC51.sys (Intel Corporation)
DRV - (IntelC52 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC52.sys (Intel Corporation)
DRV - (IntelC53 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC53.sys (Intel Corporation)
DRV - (LVPr2Mon [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys ()
DRV - (LVRS [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\lvrs.sys (Logitech Inc.)
DRV - (LVUSBSta [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVUVC [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\lvuvc.sys (Logitech Inc.)
DRV - (McPvDrv [Boot | Running]) -- C:\WINDOWS\System32\drivers\McPvDrv.sys (McAfee)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINDOWS\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (mohfilt [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\mohfilt.sys (Intel Corporation)
DRV - (MPFP [System | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (OMCI [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
DRV - (ossrv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)
DRV - (P17 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (senfilt [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\senfilt.sys (Sensaura)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1993962763-1844823847-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1993962763-1844823847-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-1993962763-1844823847-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1993962763-1844823847-725345543-1005\S-1-5-21-1993962763-1844823847-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/06/24 21:15:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/12 13:16:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/22 16:22:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/04 11:33:25 | 00,000,000 | ---D | M]
[2008/09/15 19:32:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gerald\Application Data\mozilla\Extensions
[2008/09/15 19:32:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gerald\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/09/15 19:32:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gerald\Application Data\mozilla\Firefox\Profiles\j4roggp3.default\extensions
[2009/08/27 22:54:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/19 17:23:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/02/22 15:06:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008/09/22 11:11:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/12 13:16:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/06/13 17:00:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/19 17:23:39 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/19 17:23:39 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/08/04 11:33:23 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2003/07/15 00:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/06/03 01:21:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/03 01:21:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/03 01:21:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/03 01:21:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/03 01:21:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/03 01:21:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/03 01:21:17 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2009/04/17 18:54:14 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/17 18:54:14 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/17 18:54:14 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/17 18:54:15 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/17 18:54:15 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/17 18:54:15 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/17 18:54:15 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (325885 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 11154 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1993962763-1844823847-725345543-1005\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O3 - HKU\S-1-5-21-1993962763-1844823847-725345543-1005\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [DLCXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [dlcxmon.exe] C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell PC Fax\fm3032.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McPvTray] C:\Program Files\McAfee\Anti-Theft\McPvTray.exe (McAfee)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Avance Logic, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [User Space Manager] C:\Program Files\Intel\LDCM\Bin\USM.exe (Intel Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1993962763-1844823847-725345543-1005\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1993962763-1844823847-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1993962763-1844823847-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1993962763-1844823847-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1993962763-1844823847-725345543-1005_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1993962763-1844823847-725345543-1005\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/06 23:41:21 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[5 C:\WINDOWS\*.tmp files]
[2009/08/27 23:35:33 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gerald\Desktop\OTL.exe
[2009/08/26 15:18:44 | 00,000,695 | ---- | C] () -- C:\Documents and Settings\Gerald\Desktop\Shortcut to SDMain.lnk
[2009/08/26 13:56:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/08/26 13:56:17 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/08/26 13:51:49 | 15,794,880 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Gerald\Desktop\drweb-cureit.exe
[2009/08/26 13:50:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/08/25 13:52:50 | 00,046,080 | ---- | C] () -- C:\Documents and Settings\Gerald\Desktop\Win32kDiag.exe
[2009/08/25 10:36:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Gerald\Desktop\HostsXpert
[2009/08/25 10:36:16 | 00,353,485 | ---- | C] () -- C:\Documents and Settings\Gerald\Desktop\HostsXpert.zip
[2009/08/25 10:21:33 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/08/25 10:19:06 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Gerald\Desktop\spybotsd162.exe
[2009/08/24 14:32:08 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\linkinfo.dll
[2009/08/24 14:23:03 | 03,183,434 | R--- | C] () -- C:\Documents and Settings\Gerald\Desktop\ComboFix.exe
[2009/08/24 11:50:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Gerald\Desktop\gmer
[2009/08/24 11:49:45 | 00,280,282 | ---- | C] () -- C:\Documents and Settings\Gerald\Desktop\gmer.zip
[2009/08/22 16:41:28 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Gerald\Desktop\HijackThis.lnk
[2009/08/22 16:41:10 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Gerald\Desktop\HJTInstall.exe
[2009/08/22 15:11:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/08/22 15:11:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2009/08/22 15:11:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/08/22 14:46:49 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/08/22 14:04:00 | 01,614,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/08/22 14:04:00 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\schedsvc.dll
[2009/08/22 14:04:00 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\shsvcs.dll
[2009/08/22 14:04:00 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\regsvc.dll
[2009/08/22 14:03:59 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll
[2009/08/22 14:03:59 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll
[2009/08/22 14:03:59 | 00,574,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntfs.sys
[2009/08/22 14:03:59 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll
[2009/08/22 14:03:59 | 00,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\qmgr.dll
[2009/08/22 14:03:59 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netlogon.dll
[2009/08/22 14:03:59 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll
[2009/08/22 14:03:59 | 00,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\es.dll
[2009/08/22 14:03:59 | 00,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tapisrv.dll
[2009/08/22 14:03:59 | 00,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mswsock.dll
[2009/08/22 14:03:59 | 00,198,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netman.dll
[2009/08/22 14:03:59 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\upnphost.dll
[2009/08/22 14:03:59 | 00,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\scecli.dll
[2009/08/22 14:03:59 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\srsvc.dll
[2009/08/22 14:03:59 | 00,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\aec.sys
[2009/08/22 14:03:59 | 00,129,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\xmlprov.dll
[2009/08/22 14:03:59 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll
[2009/08/22 14:03:59 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\browser.dll
[2009/08/22 14:03:59 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ssdpsrv.dll
[2009/08/22 14:03:59 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\cryptsvc.dll
[2009/08/22 14:03:59 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\eventlog.dll
[2009/08/22 14:03:59 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll
[2009/08/22 14:03:59 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\MsPMSNSv.dll
[2009/08/22 14:03:59 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\asyncmac.sys
[2009/08/22 14:03:59 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wscntfy.exe
[2009/08/22 14:03:59 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys
[2009/08/22 14:03:59 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll
[2009/08/22 14:03:59 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys
[2009/08/22 14:03:58 | 03,069,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mshtml.dll
[2009/08/22 14:03:58 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/08/22 14:03:58 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/08/22 14:03:58 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/08/22 14:03:58 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll
[2009/08/22 14:03:58 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/08/22 14:03:58 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/08/22 14:03:58 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/08/22 14:03:58 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/08/22 14:03:58 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/08/22 14:03:58 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/08/22 14:03:58 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/08/22 14:03:58 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll
[2009/08/22 14:03:58 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/08/22 14:03:58 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/08/22 14:03:58 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/08/22 14:03:58 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys
[2009/08/22 14:03:57 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/08/22 14:03:57 | 00,666,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/08/22 14:03:57 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/08/22 14:03:57 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/08/22 14:03:57 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/08/22 14:03:57 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/08/22 14:03:57 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/08/22 14:03:57 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/08/22 14:03:57 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/08/22 13:55:51 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/08/22 13:55:50 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/08/22 13:55:48 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/08/22 13:53:54 | 00,229,376 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/08/22 13:53:54 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/08/22 13:53:54 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/08/22 13:53:54 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/08/22 13:53:54 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/08/22 13:53:54 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/08/22 13:53:54 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/08/22 13:53:54 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/08/22 13:35:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/22 13:35:26 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/08/22 12:45:08 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/08/22 12:29:23 | 00,564,512 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/08/22 12:29:23 | 00,030,240 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/08/22 12:29:23 | 00,008,636 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/08/22 12:29:23 | 00,003,884 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/08/22 12:29:04 | 00,002,719 | ---- | C] () -- C:\rollback.ini
[2009/08/22 12:05:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
[2009/08/22 12:05:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Gerald\Local Settings\Application Data\Downloaded Installations
[2009/08/22 09:07:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Gerald\Application Data\Malwarebytes
[2009/08/22 09:07:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/22 08:54:02 | 03,550,592 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Gerald\Desktop\iexplore.exe.exe
[2009/08/22 08:20:16 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2009/08/20 19:37:27 | 00,000,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2009/08/20 19:10:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/08/20 19:07:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2009/08/20 19:07:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/08/19 23:24:32 | 00,048,544 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/19 17:25:05 | 00,038,016 | ---- | C] (DnsFilter) -- C:\WINDOWS\System32\drivers\DnsFilter.sys
[2009/08/19 17:25:05 | 00,000,000 | ---D | C] -- C:\Program Files\DDnsFilter
[2009/08/19 13:18:30 | 00,000,001 | -H-- | C] () -- C:\WINDOWS\mmsmark2.dat
[2009/08/19 12:18:12 | 00,097,280 | ---- | C] () -- C:\WINDOWS\vkl_1250702287
[2009/08/18 11:57:12 | 00,000,002 | ---- | C] () -- C:\WINDOWS\0535251103110107106.yux
[2009/08/18 10:45:19 | 00,000,001 | ---- | C] () -- C:\WINDOWS\fdgg34353edfgdfdf
[2009/02/22 15:05:53 | 00,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/10/21 22:59:41 | 00,000,104 | RHS- | C] () -- C:\WINDOWS\System32\93E3FA1EED.sys
[2008/10/21 22:59:36 | 00,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/09/08 13:11:34 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcxvs.dll
[2008/09/08 13:11:32 | 00,331,776 | ---- | C] () -- C:\WINDOWS\System32\dlcxcoin.dll
[2008/09/08 13:11:14 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\dlcxdrs.dll
[2008/09/08 13:11:14 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcxcaps.dll
[2008/09/08 13:11:14 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcxcnv4.dll
[2008/09/08 13:06:13 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\DLPRMON.DLL
[2008/09/08 13:06:13 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLPMONUI.DLL
[2008/09/08 13:05:28 | 00,983,040 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxusb1.dll
[2008/09/08 13:05:28 | 00,450,560 | ---- | C] () -- C:\WINDOWS\System32\dlcxutil.dll
[2008/09/08 13:05:28 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxinpa.dll
[2008/09/08 13:05:28 | 00,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxiesc.dll
[2008/09/08 13:05:28 | 00,389,120 | ---- | C] () -- C:\WINDOWS\System32\dlcxinst.dll
[2008/09/08 13:05:27 | 01,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxserv.dll
[2008/09/08 13:05:27 | 00,651,264 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpmui.dll
[2008/09/08 13:05:27 | 00,532,480 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxlmpm.dll
[2008/09/08 13:05:27 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsb.dll
[2008/09/08 13:05:27 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\dlcxins.dll
[2008/09/08 13:05:27 | 00,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxprox.dll
[2008/09/08 13:05:27 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlcxjswr.dll
[2008/09/08 13:05:27 | 00,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpplc.dll
[2008/09/08 13:05:27 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsr.dll
[2008/09/08 13:05:26 | 00,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhbn3.dll
[2008/09/08 13:05:26 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\dlcxgrd.dll
[2008/09/08 13:05:26 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcxcub.dll
[2008/09/08 13:05:25 | 00,610,304 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomc.dll
[2008/09/08 13:05:25 | 00,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomm.dll
[2008/09/08 13:05:25 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcu.dll
[2008/09/08 13:05:25 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\DLCXcfg.dll
[2008/09/08 13:05:25 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcxcur.dll
[2008/09/08 12:36:37 | 00,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[2008/09/08 12:36:36 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2008/09/08 12:24:48 | 00,000,592 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/08 12:24:46 | 00,023,040 | ---- | C] () -- C:\WINDOWS\System32\CSSMS_IN.DLL
[2008/09/08 12:24:46 | 00,014,756 | ---- | C] () -- C:\WINDOWS\System32\Ldcmrc16.dll
[2008/09/08 12:23:47 | 00,000,487 | ---- | C] () -- C:\WINDOWS\demo.INI
[2008/07/26 08:25:02 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2005/05/03 13:38:42 | 00,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2004/08/12 09:09:17 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/12 09:07:01 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/10/02 12:48:18 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2003/01/07 17:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/04/11 03:41:06 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
========== Files - Modified Within 30 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/08/27 23:35:36 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gerald\Desktop\OTL.exe
[2009/08/27 22:53:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/27 22:53:22 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/27 22:53:20 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2009/08/27 22:53:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2009/08/27 22:51:35 | 00,025,831 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/08/26 21:02:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/26 15:32:49 | 00,325,885 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/08/26 15:18:44 | 00,000,695 | ---- | M] () -- C:\Documents and Settings\Gerald\Desktop\Shortcut to SDMain.lnk
[2009/08/26 13:28:06 | 15,794,880 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Gerald\Desktop\drweb-cureit.exe
[2009/08/25 13:52:50 | 00,046,080 | ---- | M] () -- C:\Documents and Settings\Gerald\Desktop\Win32kDiag.exe
[2009/08/25 10:51:24 | 04,296,614 | -H-- | M] () -- C:\Documents and Settings\Gerald\Local Settings\Application Data\IconCache.db
[2009/08/25 10:38:26 | 00,000,698 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090826-153249.backup
[2009/08/25 10:36:16 | 00,353,485 | ---- | M] () -- C:\Documents and Settings\Gerald\Desktop\HostsXpert.zip
[2009/08/25 10:20:58 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Gerald\Desktop\spybotsd162.exe
[2009/08/24 14:31:13 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/24 14:23:28 | 03,183,434 | R--- | M] () -- C:\Documents and Settings\Gerald\Desktop\ComboFix.exe
[2009/08/24 11:49:45 | 00,280,282 | ---- | M] () -- C:\Documents and Settings\Gerald\Desktop\gmer.zip
[2009/08/23 03:09:13 | 00,229,376 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/08/22 16:41:28 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Gerald\Desktop\HijackThis.lnk
[2009/08/22 16:41:18 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Gerald\Desktop\HJTInstall.exe
[2009/08/22 14:00:05 | 00,564,512 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/08/22 14:00:05 | 00,030,240 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/08/22 14:00:05 | 00,008,636 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/08/22 14:00:05 | 00,003,884 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/08/22 13:55:51 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/08/22 12:29:04 | 00,002,719 | ---- | M] () -- C:\rollback.ini
[2009/08/22 08:54:22 | 03,550,592 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Gerald\Desktop\iexplore.exe.exe
[2009/08/20 19:37:29 | 00,000,448 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2009/08/19 23:24:32 | 00,048,544 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/19 17:25:05 | 00,038,016 | ---- | M] (DnsFilter) -- C:\WINDOWS\System32\drivers\DnsFilter.sys
[2009/08/19 13:18:30 | 00,000,001 | -H-- | M] () -- C:\WINDOWS\mmsmark2.dat
[2009/08/19 12:18:12 | 00,097,280 | ---- | M] () -- C:\WINDOWS\vkl_1250702287
[2009/08/18 11:57:12 | 00,000,002 | ---- | M] () -- C:\WINDOWS\0535251103110107106.yux
[2009/08/18 10:45:19 | 00,000,001 | ---- | M] () -- C:\WINDOWS\fdgg34353edfgdfdf
[2009/08/15 18:49:54 | 00,005,852 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/08/15 18:49:52 | 00,000,104 | RHS- | M] () -- C:\WINDOWS\System32\93E3FA1EED.sys
[2009/08/15 01:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
========== Alternate Data Streams ==========
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A71068F5
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77413142
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:23806346
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9744B982
< End of report >