Windows Installer pop up message - virtumonde?



zenjimc
2010-10-16, 15:41
A "Windows Installer" pop up message which just says "installing ..." is repeatedly appearing on screen. The computer doesn't seem to actually be installing anything. There is a "cancel" button which I can click and it does after a minute or so close the box.

Before this began happening, the computer had been slowing to a crawl (something running constantly in background). I did a system restore, Spybot S&D found a Virtumonde, which it removed, and I also ran McAfee Virtual Technician, which had me install an updated engine.

I'm wondering if some registry or other changes were made.

Thank you for any assistance.

DDS report for above:


DDS (Ver_10-10-10.03) - NTFSx86
Run by James Collins at 14:23:35.95 on Sat 10/16/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: D-Link Toolbar Search Class: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - c:\program files\d-link toolbar\dlinktb.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mURLSearchHooks: D-Link Toolbar Search Class: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - c:\program files\d-link toolbar\dlinktb.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100915080541.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: D-Link Toolbar Loader: {f01858c7-2a68-4d93-9e22-502eae3917c2} - c:\program files\d-link toolbar\dlinktb.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: D-Link Toolbar: {61874dfa-9adf-44e5-8e61-f3913707e7d7} - c:\program files\d-link toolbar\dlinktb.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Easy Dock] c:\documents and settings\james collins\my documents\rca easyrip\EZDock.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuiKProtect] c:\program files\iomega\quikprotect\StartQuikProtect.exe
mRun: [RetroExpress] c:\progra~1\retros~1\retros~1.5\RetroExpress.exe /h
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TimeSink Ad Client] "c:\program files\timesink\adgateway\TSAdBot.exe"
StartupFolder: c:\documents and settings\james collins\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\documents and settings\james collins\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\jamesc~1\startm~1\programs\startup\rcadet~1.lnk - c:\documents and settings\james collins\my documents\rca detective\RCADetective.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List
IE: Easy-WebPrint High Speed Print
IE: Easy-WebPrint Preview
IE: Easy-WebPrint Print
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: eastersealsnh.org
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: mcafee.com\us
Trusted Zone: microsoft.com\www.update
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v5.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228396190359
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} - hxxp://cdn1.acclaimdownloads.com/solidstateion.cab
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jamesc~1\applic~1\mozilla\firefox\profiles\c6yuu406.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1641676&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\james collins\application data\mozilla\firefox\profiles\c6yuu406.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
FF - plugin: c:\documents and settings\james collins\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2010-10-12 19:34:49 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-12 19:34:48 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-12 19:34:38 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-11 00:06:55 -------- d-----w- c:\docume~1\jamesc~1\locals~1\applic~1\Microsoft Help
2010-10-10 00:34:14 -------- d-----w- c:\program files\Spawn
2010-10-10 00:03:02 2829 ----a-w- c:\windows\DiabUnin.pif
2010-10-10 00:03:02 118784 ----a-w- c:\windows\DiabUnin.exe
2010-10-09 03:51:31 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-10-09 03:51:31 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-09 03:51:16 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-10-09 03:51:16 -------- d-----w- c:\program files\common files\L&H
2010-10-09 03:03:18 5450 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-10-08 00:45:50 -------- d-----w- c:\documents and settings\all users\Microsoft
2010-10-08 00:44:19 364607 ----a-w- c:\program files\common files\microsoft shared\ink\SKCHUI.DLL
2010-10-08 00:44:18 46432 ----a-w- c:\program files\common files\microsoft shared\office11\MSOXMLMF.DLL
2010-10-08 00:39:41 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-10-06 00:34:41 -------- d-----w- c:\program files\D-Link Toolbar
2010-10-06 00:34:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\D-Link Toolbar
2010-10-06 00:34:34 -------- d-----w- c:\program files\common files\Software Update Utility
2010-10-05 23:49:55 -------- d-----w- c:\docume~1\jamesc~1\applic~1\VirtualStore
2010-10-02 19:16:40 -------- d-----w- C:\Atari2600
2010-10-02 16:03:20 -------- d-----w- c:\program files\Crimson Editor
2010-10-02 00:27:05 -------- d-----w- c:\docume~1\jamesc~1\applic~1\Stella
2010-09-22 22:10:52 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-09-22 22:10:52 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2010-09-22 00:39:37 -------- d-----w- c:\docume~1\jamesc~1\applic~1\McAfee
2010-09-21 21:55:31 -------- d-----w- c:\program files\Sony Media Go Install
2010-09-19 13:53:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\RetroExp
2010-09-19 13:52:59 -------- d-----w- c:\program files\Retrospect
2010-09-19 13:25:31 19384 ----a-r- c:\windows\system32\drivers\QsFsFltr.sys
2010-09-19 13:25:21 -------- d-----w- c:\program files\Iomega

==================== Find3M ====================

2010-10-15 22:36:15 235248 -c--a-w- c:\windows\system32\PnkBstrB.xtr
2010-10-15 22:36:15 235248 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-03 00:17:53 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-09-03 00:17:53 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 00:49:48 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ------w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-20 22:51:36 1874384736 ----a-w- c:\program files\MSSetupv87.exe
2009-10-30 16:56:29 85504 ----a-w- c:\program files\Inherit.exe
2008-03-15 13:58:28 774144 -c--a-w- c:\program files\RngInterstitial.dll

============= FINISH: 14:25:31.89 ===============

ken545
2010-10-22, 15:27
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

TimeSink Ad Client <-- Did you knowingly install this program? It looks like it could cause problems.


Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish its job.
Once it's finished, it should automatically reboot your machine;
if it doesn't, manually reboot to ensure a complete clean.





Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

zenjimc
2010-10-23, 07:45
Here is the log. Thank you for your assistance.



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4922

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/23/2010 12:31:07 AM
mbam-log-2010-10-23 (00-31-07).txt

Scan type: Quick scan
Objects scanned: 155533
Time elapsed: 12 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\timesink ad client (AdWare.Cydoor) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ken545
2010-10-23, 12:28
Looks like that was the culprit. Please answer any questions I ask as it helps me with the diagnosis of your system.

Run this program; it will show a bit more of what's going on.


Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your Desktop

Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
Click on Minimal Output at the top
Download the following file scan.txt to your Desktop. Click here to download it (http://www.geekstogo.com/forum/files/download/395-otl-custom-scan-file-scantxt/). You may need to right click on it and select "Save"
Double click inside the Custom Scan box at the bottom
A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
Select scan.txt and click Open. Writing will now appear under the Custom Scan box
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

zenjimc
2010-10-23, 17:02
OTL Extras logfile created on: 10/23/2010 8:48:05 AM - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\James Collins\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 154.86 Gb Free Space | 67.88% Space Free | Partition Type: NTFS
Drive I: | 931.51 Gb Total Space | 711.68 Gb Free Space | 76.40% Space Free | Partition Type: NTFS

Computer Name: D9Q76YB1 | User Name: James Collins | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OtsMedia.Surf] -- "C:\OtsLabs\OTSPLAY.EXE" "%1" /play /surf File not found
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"56961:TCP" = 56961:TCP:*:Enabled:Pando Media Booster
"56961:UDP" = 56961:UDP:*:Enabled:Pando Media Booster
"58465:TCP" = 58465:TCP:*:Enabled:Pando Media Booster
"58465:UDP" = 58465:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"9842:TCP" = 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP" = 9842:UDP:*:Disabled:SolidNetworkManager
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"56767:TCP" = 56767:TCP:*:Enabled:Pando Media Booster
"56767:UDP" = 56767:UDP:*:Enabled:Pando Media Booster
"56961:TCP" = 56961:TCP:*:Enabled:Pando Media Booster
"56961:UDP" = 56961:UDP:*:Enabled:Pando Media Booster
"58465:TCP" = 58465:TCP:*:Enabled:Pando Media Booster
"58465:UDP" = 58465:UDP:*:Enabled:Pando Media Booster
"1037:TCP" = 1037:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\NCsoft\Exteel\System\Exteel.exe" = C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- File not found
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe" = C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe:*:Enabled:mcproxy -- File not found
"C:\Program Files\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe" = C:\Program Files\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe:*:Disabled:BattlefrontII -- File not found
"C:\Program Files\McAfee\MSK\MskSrver.exe" = C:\Program Files\McAfee\MSK\MskSrver.exe:*:Enabled:MskSrver -- File not found
"C:\Program Files\Dell Support Center\bin\sprtcmd.exe" = C:\Program Files\Dell Support Center\bin\sprtcmd.exe:*:Enabled:sprtcmd -- (SupportSoft, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Steam\steamapps\common\hexen 2\glh2.exe" = C:\Program Files\Steam\steamapps\common\hexen 2\glh2.exe:*:Enabled:Hexen 2 -- File not found
"C:\Program Files\Steam\steamapps\common\osmos igf demo\OsmosDemo.exe" = C:\Program Files\Steam\steamapps\common\osmos igf demo\OsmosDemo.exe:*:Enabled:Osmos IGF Demo -- File not found
"C:\Program Files\Steam\steamapps\common\geometry wars\GeometryWars.exe" = C:\Program Files\Steam\steamapps\common\geometry wars\GeometryWars.exe:*:Enabled:Geometry Wars -- File not found
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\Turbine\Dungeons and Dragons Online - Eberron Unlimited\dndclient.exe" = C:\Program Files\Turbine\Dungeons and Dragons Online - Eberron Unlimited\dndclient.exe:*:Enabled:dndclient -- (Turbine, Inc.)
"C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService -- File not found
"C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService -- File not found
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\Steam\steamapps\bartawe\half-life\hl.exe" = C:\Program Files\Steam\steamapps\bartawe\half-life\hl.exe:*:Enabled:Half-Life -- File not found
"I:\Games\Steam\steamapps\common\audiosurf\engine\QuestViewer.exe" = I:\Games\Steam\steamapps\common\audiosurf\engine\QuestViewer.exe:*:Enabled:Audiosurf Demo -- ()
"I:\Games\Steam\steamapps\common\sid meier's civilization v - demo\Launcher.exe" = I:\Games\Steam\steamapps\common\sid meier's civilization v - demo\Launcher.exe:*:Enabled:Sid Meier's Civilization V - Demo -- (Firaxis Games)
"I:\Games\Steam\steamapps\common\sid meier's civilization v - demo\CivilizationV.exe" = I:\Games\Steam\steamapps\common\sid meier's civilization v - demo\CivilizationV.exe:*:Enabled:Sid Meier's Civilization V - Demo -- (Firaxis Games)
"I:\Games\Steam\steamapps\common\torchlight\TorchED\Editor.exe" = I:\Games\Steam\steamapps\common\torchlight\TorchED\Editor.exe:*:Enabled:Torchlight Editor -- (Runic Games, Inc.)
"I:\Games\Steam\steamapps\bartawe\ricochet\hl.exe" = I:\Games\Steam\steamapps\bartawe\ricochet\hl.exe:*:Enabled:Ricochet -- (Valve)
"I:\Games\Steam\steamapps\bartawe\team fortress classic\hl.exe" = I:\Games\Steam\steamapps\bartawe\team fortress classic\hl.exe:*:Enabled:Team Fortress Classic -- (Valve)
"I:\Games\Steam\steamapps\common\alien swarm\srcds.exe" = I:\Games\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- ()
"I:\Games\Steam\steamapps\common\alien swarm\swarm.exe" = I:\Games\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- ()
"I:\Games\Steam\steamapps\bartawe\half-life\hl.exe" = I:\Games\Steam\steamapps\bartawe\half-life\hl.exe:*:Enabled:Half-Life -- (Valve)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel(R) PRO Network Connections
"{0C98E73E-D495-CA87-EF1D-50D3A719351E}" = CCC Help Dutch
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0FF1802B-4FE0-81D5-D28F-5095543CB57B}" = Skins
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600" = Canon MP600
"{173A4BD8-B1E5-252A-FE86-C84C7E7B5F2E}" = CCC Help English
"{17986CD6-070C-BE3E-E4D6-C36DDEEAA37C}" = Catalyst Control Center Graphics Previews Common
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D1D37A-817B-3A45-FDF5-507BD8A79680}" = CCC Help Chinese Traditional
"{21879F6C-52F6-7A6F-6736-A7C912653608}" = CCC Help Danish
"{21C6344A-918B-4D35-ADB6-7614F97B78EA}" = Sony Media Manager for PSP 3.0
"{21E4AB1F-C62E-C5C1-96A3-F4378A763C5B}" = CCC Help Chinese Standard
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{272DDF13-3B89-D0D8-B668-CEC4FB34C1E7}" = Catalyst Control Center Localization All
"{2743B5EB-7C1C-36CC-FBBB-A02F2F4EC52D}" = ccc-utility
"{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0
"{2BEB102E-F9CD-4881-984B-E288F66FD394}" = Quake Live Mozilla Plugin
"{2EF0D7ED-F944-4E0D-AC78-7DA00C0B81E4}_is1" = Penumbra Overture
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{311F799A-FCE9-4D9E-B5D2-CBB8859B40BB}" = Microsoft XNA Framework Redistributable 1.0 Refresh
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3846E811-639D-4DE1-844B-30491C0A6C0C}" = Dell Support 3.2
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{38DCE347-CE45-219E-56AD-30FCB04CF71A}" = CCC Help Hungarian
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3F9FCFE0-4979-6377-771D-E8A3F3B197E7}" = CCC Help Portuguese
"{3FF0269F-3C3F-4C9D-832B-AAECC8B593CF}" = Grandmaster Challenge
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E901875-0F15-44BA-89DE-94AA41A7F507}" = Clear Cache feature for Internet Explorer
"{552C5B4A-595F-4FA6-B2AD-2F1B2A333CE5}" = Fritz7
"{58FD9795-2B8D-4984-90B7-08AD00549BDB}_is1" = BatariBasic Installer 0.1
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5C318BD3-BA72-43E4-9D16-A18210B4A5A5}" = Media Go
"{5C844F60-CFF2-33DE-FD0D-09F3C392679B}" = Catalyst Control Center HydraVision Full
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EC86106-2B0A-4595-B03C-15E2241C1AC5}_is1" = Community Expansion Pack version 1.00
"{5F723D64-4042-ABAE-2A9E-1FEBA1FE4B00}" = CCC Help Korean
"{6005535D-8A83-4108-A757-E1AB9886AECA}" = Cisco AnyConnect VPN Client
"{61709405-4DB8-410C-53DC-A76945D7EBC1}" = CCC Help Turkish
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6818E2F8-132B-4A68-94EA-CDC8B8132CD4}" = Castlevania & Contra
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6CDB4B41-9244-EC3F-5FBC-550A8BC697F4}" = CCC Help Japanese
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6EF0B467-8FDD-845E-F168-C7F0C6124C26}" = CCC Help Finnish
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{74FF7813-4878-AB41-8503-22287CF11F37}" = Catalyst Control Center Graphics Light
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F9D52A-C8D7-4FE8-8510-19FC6CF75BC3}" = Access Drivers
"{79469AEF-FF16-C52B-F7F8-E1E203A036E5}" = CCC Help Italian
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E08A1E-963B-8846-8082-88B996FC060E}" = CCC Help Swedish
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DAE4336-2B71-11D4-9A6C-006067325E47}" = Baldur's Gate(TM) II - Shadows of Amn(TM)
"{8F1A20DC-251D-47B0-91B7-DCA2523EE6C9}" = McAfee Virtual Technician
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{999A2E61-63EE-61BF-26E4-0C7B8B2A0BE2}" = Media Go Video Playback Engine 1.8.104.02120
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ABF04DC-A40D-B4DA-189B-89497B599AB7}" = CCC Help French
"{9D56C31A-C9C8-394C-0804-670B0D2E0E1F}" = CCC Help Norwegian
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E03835-FB8B-458A-A1FB-8CDE5424BE66}" = Sid Meier's Civilization 4
"{B53FA0E4-739C-435F-9872-E3032F2E08FC}" = Iomega QuikProtect
"{B59A1FFA-4EE2-805D-7B48-806DE73AAE03}" = CCC Help Thai
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BCC57687-98A2-4C4C-B0F8-BC6B6F52D4E3}" = Retrospect Express HD 2.5
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1583439-B034-4881-819C-D52A0587662B}" = Neverwinter Nights
"{C19AB6C4-BBD0-49EF-927D-9C7CB80BC0B0}" = MapleStory
"{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind
"{C37810F2-3983-B864-EB7F-DCCB67703FB0}" = Catalyst Control Center Graphics Full New
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF6D9C4-EFA6-F0EC-8E56-8C85609D267D}" = ccc-core-preinstall
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D1C2B2A9-6FC3-69A6-DDCC-10179BD2A978}" = CCC Help German
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
"{D5C8DB90-573F-A4E4-6EBF-728B634E3E07}" = CCC Help Polish
"{DD76E812-359A-FEA9-FB17-2E55EBB36543}" = Catalyst Control Center Core Implementation
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E83971BF-8FEE-F2A6-E0CC-5187C1ECBD4D}" = CCC Help Greek
"{E9C6DC23-56C9-2B27-5FEC-4EEDD107D2D6}" = ccc-core-static
"{EAC31CB7-575E-8C31-468D-10D5FB31CD1A}" = Catalyst Control Center Graphics Full Existing
"{EB5F211D-85D5-44C4-BB15-1207C77EF430}" = Visual C++ 8.0 Runtime Setup Package
"{F07717A3-8376-AA87-6BE2-D560F1EBABF0}" = CCC Help Spanish
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F371C899-B40A-811A-2825-30BE7E941CC9}" = CCC Help Czech
"{FF6486A6-608F-F80C-BE5C-17D07E2D49BF}" = CCC Help Russian
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"Aquaria" = Aquaria
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Canon MP600 User Registration" = Canon MP600 User Registration
"CanonMyPrinter" = Canon My Printer
"Cisco Systems SSL VPN Client" = Cisco SSL VPN Client
"Citrix Web Client" = Citrix Web Client
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Colorizer 1.0.0.1" = Colorizer 1.0.0.1
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Crimson Editor" = Crimson Editor (remove only)
"CSCLIB" = Canon Camera Support Core Library
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Diablo" = Diablo
"Disciples 2 Gold: Dark Prophecy & Rise of the Elves_is1" = Disciples 2 Gold: Dark Prophecy & Rise of the Elves
"Disciples Gold_is1" = Disciples Gold
"Disciples: Sacred Lands Gold Edition" = Disciples: Sacred Lands Gold Edition
"D-Link Toolbar" = D-Link Toolbar
"DXTXTRA" = Microsoft DirectX Transform optional components
"Earthworm Jim" = Earthworm Jim (Remove only, requires CD)
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"eMusic Download Manager" = eMusic Download Manager 4.1.4
"EOS Utility" = Canon Utilities EOS Utility
"ESPNMotion" = ESPNMotion
"Final Fantasy VII" = Final Fantasy VII
"Game Maker 7.0" = Game Maker 7.0
"Greenfoot_is1" = Greenfoot 1.5.6
"HisDarkMajesty" = HisDarkMajesty
"Icewind Dale" = Icewind Dale
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"LP Recorder" = LP Recorder
"LP Ripper" = LP Ripper
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Might & Magic VI Limited Edition_is1" = Might & Magic VI Limited Edition
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Musette_is1" = Musette version 2.9.14
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"oggcodecs" = oggcodecs 0.71.0946
"OpenAL" = OpenAL
"PhotoStitch" = Canon Utilities PhotoStitch
"Pronto" = Pronto 3.1.0-D
"PunkBusterSvc" = PunkBuster Services
"Quake2UninstallKey" = Quake II
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RCA Detective™_is1" = RCA Detective™ 2.0.0.99
"Realms of Arkania Pack_is1" = Realms of Arkania Pack
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Scratch" = Scratch
"SearchAssist" = SearchAssist
"Sierra Utilities" = Sierra Utilities
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SolidStateIONIE" = Solid State ION Internet Explorer Plugin
"SpywareBlaster_is1" = SpywareBlaster 4.4
"Steam App 10" = Counter-Strike
"Steam App 12900" = Audiosurf
"Steam App 130" = Half-Life: Blue Shift
"Steam App 20" = Team Fortress Classic
"Steam App 26800" = Braid
"Steam App 29100" = Osmos IGF Demo
"Steam App 400" = Portal
"Steam App 41520" = Torchlight Editor
"Steam App 50" = Half-Life: Opposing Force
"Steam App 60" = Ricochet
"Steam App 630" = Alien Swarm
"Steam App 65900" = Sid Meier's Civilization V - Demo
"Steam App 70" = Half-Life
"Steam App 8400" = Geometry Wars
"Steam App 9060" = Hexen 2
"Steam App 92" = Codename Gordon
"Stella_is1" = Stella 3.2.2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TruVoice" = Lernout & Hauspie TruVoice for Microsoft Agent
"UDK-ac249442-afb2-4955-a1cb-157e2bdd6f65" = Hazard - Journey Of Life Demo
"UnityWebPlayer" = Unity Web Player
"VDMSound" = VDMSound
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VST Bridge_is1" = VST Bridge 1.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works" = Microsoft Works 4.5
"Works99Setup" = Microsoft Works Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Diablo" = Diablo
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/19/2010 10:13:38 PM | Computer Name = D9Q76YB1 | Source = Application Hang | ID = 1002
Description = Hanging application sumotori.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/20/2010 1:39:58 PM | Computer Name = D9Q76YB1 | Source = STCAgent | ID = 50331650
Description = Termination reason code 10 [FAST_USER_SWITCH]

Error - 10/21/2010 7:18:24 AM | Computer Name = D9Q76YB1 | Source = STCAgent | ID = 50331650
Description = Termination reason code 10 [FAST_USER_SWITCH]

Error - 10/21/2010 7:54:35 AM | Computer Name = D9Q76YB1 | Source = STCAgent | ID = 50331650
Description = Termination reason code 10 [FAST_USER_SWITCH]

Error - 10/21/2010 4:27:34 PM | Computer Name = D9Q76YB1 | Source = STCAgent | ID = 50331650
Description = Termination reason code 10 [FAST_USER_SWITCH]

Error - 10/21/2010 7:05:49 PM | Computer Name = D9Q76YB1 | Source = Application Hang | ID = 1002
Description = Hanging application Dwarf Fortress.exe, version 0.0.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/22/2010 3:26:42 PM | Computer Name = D9Q76YB1 | Source = STCAgent | ID = 50331650
Description = Termination reason code 10 [FAST_USER_SWITCH]

Error - 10/22/2010 5:48:04 PM | Computer Name = D9Q76YB1 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\MY MUSIC\ITUNES\ITUNES
LIBRARY EXTRAS.ITDB-JOURNAL> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

Error - 10/22/2010 5:48:04 PM | Computer Name = D9Q76YB1 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\MY MUSIC\ITUNES\ITUNES
LIBRARY GENIUS.ITDB-JOURNAL> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

Error - 10/22/2010 5:49:45 PM | Computer Name = D9Q76YB1 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\MY MUSIC\ITUNES\ITUNES
LIBRARY.ITL> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


[ Cisco AnyConnect VPN Client Events ]
Error - 3/31/2010 9:35:52 AM | Computer Name = D9Q76YB1 | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.

Error - 3/31/2010 9:35:52 AM | Computer Name = D9Q76YB1 | Source = vpnagent | ID = 50331649
Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp
Line:
997 Description: fatal error, stopping service

Error - 8/27/2010 10:58:53 PM | Computer Name = D9Q76YB1 | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.

Error - 8/31/2010 12:15:05 AM | Computer Name = D9Q76YB1 | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.

Error - 9/21/2010 12:00:42 AM | Computer Name = D9Q76YB1 | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.

Error - 10/12/2010 3:56:12 PM | Computer Name = D9Q76YB1 | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.

[ System Events ]
Error - 10/23/2010 12:41:41 AM | Computer Name = D9Q76YB1 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 10/23/2010 12:41:41 AM | Computer Name = D9Q76YB1 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 10/23/2010 12:41:41 AM | Computer Name = D9Q76YB1 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 10/23/2010 12:42:08 AM | Computer Name = D9Q76YB1 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 10/23/2010 12:42:08 AM | Computer Name = D9Q76YB1 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 10/23/2010 12:42:08 AM | Computer Name = D9Q76YB1 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 10/23/2010 12:42:08 AM | Computer Name = D9Q76YB1 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 10/23/2010 12:42:08 AM | Computer Name = D9Q76YB1 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 10/23/2010 12:42:08 AM | Computer Name = D9Q76YB1 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 10/23/2010 12:42:29 AM | Computer Name = D9Q76YB1 | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.


< End of report >

zenjimc
2010-10-23, 17:10
Here is the OTL log. The Windows Installer pop-up is still coming up, at this point only when I try to open an Office document. I then need to click to cancel it and click to cancel Word 2010, and re-click the document again and it will open.


OTL logfile created on: 10/23/2010 8:48:05 AM - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\James Collins\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 154.86 Gb Free Space | 67.88% Space Free | Partition Type: NTFS
Drive I: | 931.51 Gb Total Space | 711.68 Gb Free Space | 76.40% Space Free | Partition Type: NTFS

Computer Name: D9Q76YB1 | User Name: James Collins | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\James Collins\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Iomega\QuikProtect\QuikProtect.exe (Iomega Corporation)
PRC - C:\Program Files\Iomega\QuikProtect\QpMonitor.exe ()
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Cisco Systems\SSL VPN Client\Agent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Documents and Settings\James Collins\My Documents\RCA Detective\RCADetective.exe (Audiovox Electronics Corp.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Retrospect\Retrospect Express HD 2.5\RetroExpress.exe (EMC Corporation)
PRC - C:\Program Files\Retrospect\Retrospect Express HD 2.5\retrorun.exe (EMC Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\UAService7.exe ()
PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\James Collins\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll (Adobe Systems, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\WMVCore.dll (Microsoft Corporation)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\winsta.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\sti.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\shgina.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\odbc32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\netui1.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\netui0.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ntlanman.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\netrap.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msgina.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\drprov.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\davclnt.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\xpsp2res.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\odbcint.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wmasf.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\PortableDeviceApi.dll (Microsoft Corporation)
MOD - C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll (ScanSoft, Inc.)
MOD - C:\WINDOWS\system32\serwvdrv.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\umdmxfrm.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (npkcmsvc) -- C:\Nexon\MapleStory\npkcmsvc.exe File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (QPCopyEngine) -- C:\Program Files\Iomega\QuikProtect\QpMonitor.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (STCAgent) -- C:\Program Files\Cisco Systems\SSL VPN Client\Agent.exe (Cisco Systems, Inc.)
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (RetroExp Helper) -- C:\Program Files\Retrospect\Retrospect Express HD 2.5\rthlpsvc.exe (EMC Corporation)
SRV - (RetroExpLauncher) -- C:\Program Files\Retrospect\Retrospect Express HD 2.5\retrorun.exe (EMC Corporation)
SRV - (UserAccess7) SecuROM User Access Service (V7) -- C:\WINDOWS\system32\UAService7.exe ()
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)


========== Driver Services (SafeList) ==========

DRV - (XDva279) -- C:\WINDOWS\System32\XDva279.sys File not found
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found
DRV - (vvqlbdup) -- C:\WINDOWS\System32\drivers\goyxxt.sys File not found
DRV - (vcdrom) -- C:\WINDOWS\System32\drivers\VCdRom.sys File not found
DRV - (npkcusb) -- C:\Nexon\MapleStory\npkcusb.sys File not found
DRV - (npkcrypt) -- C:\Nexon\MapleStory\npkcrypt.sys File not found
DRV - (Lbd) -- C:\WINDOWS\System32\DRIVERS\Lbd.sys File not found
DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
DRV - (cafd20fe-06de-444d-aff9-1c1458602f1e) -- D:\CDS300\cds300.dll File not found
DRV - (BW2NDIS5) -- C:\WINDOWS\System32\Drivers\BW2NDIS5.sys File not found
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (QsFsFltr) -- C:\WINDOWS\system32\drivers\QsFsFltr.sys (Windows (R) Win 7 DDK provider)
DRV - (iastor) -- C:\WINDOWS\system32\drivers\iastor.sys (Intel Corporation)
DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREDrv.sys (Sunbelt Software)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (TIEHDUSB) -- C:\WINDOWS\system32\drivers\tiehdusb.sys (Texas Instruments Incorporated)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (CSVirtA) -- C:\WINDOWS\system32\drivers\CSVirtA.sys (Cisco Systems, Inc.)
DRV - (vpnva) -- C:\WINDOWS\system32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (motccgpfl) -- C:\WINDOWS\system32\drivers\motccgpfl.sys (Motorola)
DRV - (motccgp) -- C:\WINDOWS\system32\drivers\motccgp.sys (Motorola)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (motport) -- C:\WINDOWS\system32\drivers\motport.sys (Motorola)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (sdcplh) -- C:\WINDOWS\system32\drivers\sdcplh.sys ()
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (SDDMI2) -- C:\WINDOWS\system32\DDMI2.sys (Gteko Ltd.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061011
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061011
IE - HKLM\..\URLSearchHook: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - C:\Program Files\D-Link Toolbar\dlinktb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - C:\Program Files\D-Link Toolbar\dlinktb.dll (AOL LLC.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "eMusic Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1641676&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: yyginstantplay@yoyogames.com:1.1.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {926a10d2-4ce7-4331-b96f-ca4e22590fac}:5.45.3.3629
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"


FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2010/07/29 22:03:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2010/10/08 23:49:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/10/23 07:04:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/22 15:28:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/22 15:28:56 | 000,000,000 | ---D | M]

[2008/06/24 15:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Mozilla\Extensions
[2010/10/22 16:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Mozilla\Firefox\Profiles\c6yuu406.default\extensions
[2010/06/25 12:15:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\James Collins\Application Data\Mozilla\Firefox\Profiles\c6yuu406.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/05 20:34:49 | 000,000,000 | ---D | M] (D-Link Toolbar) -- C:\Documents and Settings\James Collins\Application Data\Mozilla\Firefox\Profiles\c6yuu406.default\extensions\{926a10d2-4ce7-4331-b96f-ca4e22590fac}
[2009/08/27 10:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Mozilla\Firefox\Profiles\c6yuu406.default\extensions\yyginstantplay@yoyogames.com
[2010/01/21 17:11:52 | 000,000,915 | ---- | M] () -- C:\Documents and Settings\James Collins\Application Data\Mozilla\Firefox\Profiles\c6yuu406.default\searchplugins\conduit.xml
[2010/10/22 16:55:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/03 15:41:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/02 07:16:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/24 14:57:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/11/01 09:18:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100915080541.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (D-Link Toolbar Loader) - {f01858c7-2a68-4d93-9e22-502eae3917c2} - C:\Program Files\D-Link Toolbar\dlinktb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (D-Link Toolbar) - {61874dfa-9adf-44e5-8e61-f3913707e7d7} - C:\Program Files\D-Link Toolbar\dlinktb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Easy Dock] C:\Documents and Settings\James Collins\My Documents\RCA easyRip\EZDock.exe File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [QuiKProtect] C:\Program Files\Iomega\QuikProtect\startQuikProtect.exe (Iomega Corporation - An EMC Company)
O4 - HKLM..\Run: [RetroExpress] C:\Program Files\Retrospect\Retrospect Express HD 2.5\RetroExpress.exe (EMC Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TimeSink Ad Client] C:\Program Files\TimeSink\AdGateway\TSAdBot.exe File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\James Collins\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
O4 - Startup: C:\Documents and Settings\James Collins\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O4 - Startup: C:\Documents and Settings\James Collins\Start Menu\Programs\Startup\RCA Detective.lnk = C:\Documents and Settings\James Collins\My Documents\RCA Detective\RCADetective.exe (Audiovox Electronics Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: eastersealsnh.org ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([us] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} http://www.acclaim.com/cabs/acclaim_v5.cab (GameLauncher Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228396190359 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} http://cdn1.acclaimdownloads.com/solidstateion.cab (CSolidBrowserObj Object)
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} http://www.yoyogames.com/downloads/activex/YoYo.cab (YYGInstantPlay Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\James Collins\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\James Collins\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{fe767058-5252-11df-801c-001676cb0c0a}\Shell\AutoRun\command - "" = I:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{fe767058-5252-11df-801c-001676cb0c0a}\Shell\install\command - "" = I:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{fe767058-5252-11df-801c-001676cb0c0a}\Shell\usermanualEnglish\command - "" = I:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{fe767058-5252-11df-801c-001676cb0c0a}\Shell\usermanualFrench\command - "" = I:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{fe767058-5252-11df-801c-001676cb0c0a}\Shell\usermanualSpanish\command - "" = I:\rcaeasyrip_setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - Reg Error: Value error.
SafeBootMin: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - Reg Error: Value error.
SafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SafeBootNet: mfefirek - C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfefirek.sys - C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfehidk - C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfehidk.sys - C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfevtp - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SafeBootNet: MpfService - Reg Error: Value error.
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA851-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - Solid State ION Internet Explorer Plugin
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 90 Days ==========

[2010/10/23 00:34:06 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/10/23 00:06:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/23 00:06:41 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/23 00:06:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/22 23:40:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2010/10/16 19:13:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Collins\Application Data\InstantAction
[2010/10/11 07:30:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Recorded TV
[2010/10/10 20:10:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/10/10 20:06:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Collins\Local Settings\Application Data\Microsoft Help
[2010/10/09 20:34:14 | 000,000,000 | ---D | C] -- C:\Program Files\Spawn
[2010/10/09 20:03:02 | 000,118,784 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\DiabUnin.exe
[2010/10/08 23:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/10/08 23:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2010/10/08 23:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\L&H
[2010/10/08 23:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/10/07 20:45:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2010/10/07 20:39:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010/10/07 20:39:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/10/07 20:38:05 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/10/05 20:34:41 | 000,000,000 | ---D | C] -- C:\Program Files\D-Link Toolbar
[2010/10/05 20:34:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\D-Link Toolbar
[2010/10/05 20:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/10/05 19:49:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Collins\Application Data\VirtualStore
[2010/10/02 15:16:40 | 000,000,000 | ---D | C] -- C:\Atari2600
[2010/10/02 12:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\Crimson Editor
[2010/10/01 20:27:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Collins\Application Data\Stella
[2010/09/24 19:01:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Collins\My Documents\Retrospect Catalog Files
[2010/09/21 20:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Collins\Application Data\McAfee
[2010/09/21 17:55:31 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Media Go Install
[2010/09/19 09:53:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RetroExp
[2010/09/19 09:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\Retrospect
[2010/09/19 09:25:31 | 000,019,384 | R--- | C] (Windows (R) Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\QsFsFltr.sys
[2010/09/19 09:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\Iomega
[2010/09/14 17:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Collins\My Documents\Processing
[2010/09/14 17:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Collins\Application Data\Processing
[2010/09/12 15:46:34 | 000,000,000 | ---D | C] -- C:\Program Files\Musette
[2010/09/11 20:36:24 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/09/10 16:56:16 | 000,049,536 | R--- | C] (Texas Instruments Incorporated) -- C:\WINDOWS\System32\drivers\tiehdusb.sys
[2010/09/03 16:24:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Collins\Application Data\TS3Client
[2010/09/03 16:22:56 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2010/09/02 20:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Collins\My Documents\Penumbra Overture
[2010/09/02 20:15:52 | 000,000,000 | ---D | C] -- C:\Program Files\Penumbra Overture
[2010/09/02 07:17:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/09/01 17:38:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Collins\Application Data\HorizonWimba
[2010/09/01 17:37:19 | 000,000,000 | ---D | C] -- C:\Program Files\Wimba
[2010/08/26 20:49:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\id Software
[2010/08/26 13:54:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/08/26 13:19:07 | 000,000,000 | ---D | C] -- C:\lords
[2010/08/26 10:45:09 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/08/26 10:45:01 | 000,312,904 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/08/26 10:45:01 | 000,095,600 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/08/26 10:45:01 | 000,088,544 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/08/26 10:45:01 | 000,084,264 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/08/26 10:45:01 | 000,084,072 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/08/26 10:45:01 | 000,055,840 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/08/25 18:15:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\solcache
[2010/08/25 18:14:34 | 001,022,976 | ---- | C] (Cendant Software) -- C:\WINDOWS\System32\SierraNW.dll
[2010/08/25 18:14:34 | 000,231,936 | ---- | C] (Cendant Software) -- C:\WINDOWS\System32\SNWValid.dll
[2010/08/25 18:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\Sierra On-Line
[2010/08/25 17:17:14 | 000,000,000 | ---D | C] -- C:\Quake2
[2010/08/22 21:10:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James Collins\Application Data\Intel Corporation
[2010/08/22 21:04:41 | 000,000,000 | ---D | C] -- C:\Intel
[2008/03/15 09:58:56 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

========== Files - Modified Within 90 Days ==========

[2010/10/23 08:15:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/23 05:42:11 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/23 05:40:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/23 05:40:27 | 3219,038,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/23 00:06:46 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/22 23:39:23 | 000,005,162 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/10/22 22:41:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/10/22 22:03:41 | 000,000,481 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\minerman.PNG
[2010/10/22 21:00:00 | 000,000,482 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Scan (zenjim).job
[2010/10/22 17:40:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/22 16:41:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/10/20 21:27:58 | 000,000,585 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\MinecraftMan.PNG
[2010/10/20 20:45:24 | 000,084,992 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Progress Report rubric kindergarten.doc
[2010/10/20 17:32:34 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Kindergarten Class List.doc2010-2011.doc
[2010/10/19 21:07:57 | 000,000,531 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\neon.PNG
[2010/10/19 21:07:14 | 000,006,198 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\neon.bmp
[2010/10/19 20:25:06 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Conferences - Fall
[2010/10/18 22:21:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/17 13:20:00 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Scan (Weekly).job
[2010/10/17 10:41:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/10/16 14:55:21 | 000,000,331 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\green.PNG
[2010/10/16 14:33:52 | 000,004,435 | ---- | M] () -- C:\Documents and Settings\James Collins\Desktop\Attach.zip
[2010/10/16 14:20:32 | 000,000,604 | ---- | M] () -- C:\Documents and Settings\James Collins\Desktop\ERUNT.lnk
[2010/10/16 13:05:00 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\James Collins\jagex_runescape_preferences.dat
[2010/10/16 12:31:13 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\James Collins\jagex_runescape_preferences2.dat
[2010/10/16 10:30:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2010/10/15 18:36:43 | 000,137,960 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/10/15 18:36:15 | 000,235,248 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/10/14 19:19:34 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\James Collins\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/10/14 18:27:23 | 000,691,032 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\pictures..docx
[2010/10/13 21:11:51 | 000,016,558 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Hiroshima Walking Tour.docx
[2010/10/12 15:57:16 | 000,426,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/12 15:43:46 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/11 15:46:34 | 000,017,069 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Health project.docx
[2010/10/10 08:23:53 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\James Collins\Desktop\SpywareBlaster.lnk
[2010/10/09 20:34:49 | 000,118,784 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\DiabUnin.exe
[2010/10/09 20:34:49 | 000,009,969 | ---- | M] () -- C:\WINDOWS\DiabUnin.dat
[2010/10/09 20:34:49 | 000,002,829 | ---- | M] () -- C:\WINDOWS\DiabUnin.pif
[2010/10/08 23:03:18 | 000,506,390 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/08 23:03:18 | 000,096,736 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/08 14:54:17 | 000,187,974 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Hiroshima.pptx
[2010/10/07 21:54:35 | 000,010,082 | -H-- | M] () -- C:\Documents and Settings\James Collins\My Documents\ZbThumbnail.info
[2010/10/05 22:17:22 | 000,000,050 | ---- | M] () -- C:\Documents and Settings\James Collins\jagex__preferences3.dat
[2010/10/03 19:44:16 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin8.doc
[2010/10/02 15:10:43 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\https health.doc
[2010/10/02 12:03:24 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\James Collins\Application Data\Microsoft\Internet Explorer\Quick Launch\Crimson Editor.lnk
[2010/09/30 18:48:59 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin7.doc
[2010/09/30 18:27:38 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Book1.xls
[2010/09/29 21:36:35 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Nombre3.doc
[2010/09/28 21:21:24 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Nombre2.doc
[2010/09/27 20:51:57 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Nombre1.doc
[2010/09/27 17:00:46 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin6.doc
[2010/09/26 07:55:25 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Trees Letter to parents.doc
[2010/09/23 17:09:13 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\James Collins\Desktop\Sid Meier's Civilization V - Demo.url
[2010/09/23 16:56:35 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collins.doc
[2010/09/22 20:28:21 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Hopes and Dreams.doc
[2010/09/22 18:35:02 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Anthem Movie.doc
[2010/09/21 22:00:46 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Nombre.doc
[2010/09/21 20:53:51 | 000,011,749 | ---- | M] () -- C:\Documents and Settings\James Collins\Desktop\MVTHealthCheck_Deviation.html
[2010/09/21 19:18:23 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Copy of generaltemplate 2011-2012.xls
[2010/09/21 17:56:34 | 000,001,622 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Go.lnk
[2010/09/21 15:33:09 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\James Collins\.org.eclipse.epp.usagedata.recording.userId
[2010/09/18 16:41:33 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\ser or estar.doc
[2010/09/17 21:56:02 | 000,093,340 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/14 20:35:00 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Morning Kindergarten Weekly Schedule.doc
[2010/09/14 18:20:51 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Hijazi Qs.doc
[2010/09/13 20:06:12 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Querido Evan.doc
[2010/09/06 13:57:18 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\APcomputersciences.doc
[2010/09/05 16:54:05 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Master Grocery List.doc
[2010/09/02 22:07:09 | 000,051,472 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\pace chart.rtf
[2010/09/02 20:17:53 | 000,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010/09/01 18:20:38 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\James Collins\Desktop\Audacity.lnk
[2010/09/01 17:37:23 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\James Collins\Application Data\Microsoft\Internet Explorer\Quick Launch\Pronto.lnk
[2010/09/01 17:37:23 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Pronto.lnk
[2010/08/30 14:18:12 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin5.doc
[2010/08/29 13:44:27 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin3.doc
[2010/08/27 19:18:11 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin4.doc
[2010/08/27 18:54:58 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin2.doc
[2010/08/27 18:24:48 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin1.doc
[2010/08/27 14:32:42 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Ender's Game Paper 1.doc
[2010/08/27 14:15:20 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Ender Paper.doc
[2010/08/27 14:15:18 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Animal farm essay.doc
[2010/08/27 13:46:56 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Odysseus Paper.doc
[2010/08/26 20:49:48 | 002,373,712 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe
[2010/08/26 13:21:48 | 000,000,635 | ---- | M] () -- C:\WINDOWS\SIERRA.INI
[2010/08/24 14:57:38 | 000,386,712 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/08/24 14:57:38 | 000,312,904 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/08/24 14:57:38 | 000,152,992 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/08/24 14:57:38 | 000,095,600 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/08/24 14:57:38 | 000,088,544 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/08/24 14:57:38 | 000,084,264 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/08/24 14:57:38 | 000,084,072 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/08/24 14:57:38 | 000,055,840 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/08/24 14:57:38 | 000,052,104 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/08/24 14:57:38 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/08/20 09:33:13 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\James Collins\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/10 20:28:57 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Directions to Jim and Sue.doc
[2010/08/10 17:19:55 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Keyterms.doc
[2010/07/29 22:03:31 | 000,001,715 | ---- | M] () -- C:\Documents and Settings\James Collins\Application Data\Microsoft\Internet Explorer\Quick Launch\eMusic Download Manager.lnk
[2010/07/26 22:19:46 | 000,000,989 | ---- | M] () -- C:\Documents and Settings\James Collins\Desktop\ZoomBrowser EX.lnk

========== Files Created - No Company Name ==========

[2010/10/23 00:06:46 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/22 22:03:41 | 000,000,481 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\minerman.PNG
[2010/10/20 21:27:58 | 000,000,585 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\MinecraftMan.PNG
[2010/10/20 20:45:24 | 000,084,992 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Progress Report rubric kindergarten.doc
[2010/10/19 21:07:57 | 000,000,531 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\neon.PNG
[2010/10/19 21:07:14 | 000,006,198 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\neon.bmp
[2010/10/16 14:55:21 | 000,000,331 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\green.PNG
[2010/10/16 14:33:52 | 000,004,435 | ---- | C] () -- C:\Documents and Settings\James Collins\Desktop\Attach.zip
[2010/10/16 14:20:32 | 000,000,604 | ---- | C] () -- C:\Documents and Settings\James Collins\Desktop\ERUNT.lnk
[2010/10/14 18:27:20 | 000,691,032 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\pictures..docx
[2010/10/11 15:46:34 | 000,017,069 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Health project.docx
[2010/10/11 12:11:33 | 000,016,558 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Hiroshima Walking Tour.docx
[2010/10/10 08:23:53 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\James Collins\Desktop\SpywareBlaster.lnk
[2010/10/09 20:03:02 | 000,002,829 | ---- | C] () -- C:\WINDOWS\DiabUnin.pif
[2010/10/09 20:03:01 | 000,009,969 | ---- | C] () -- C:\WINDOWS\DiabUnin.dat
[2010/10/08 14:54:17 | 000,187,974 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Hiroshima.pptx
[2010/10/07 21:54:34 | 000,010,082 | -H-- | C] () -- C:\Documents and Settings\James Collins\My Documents\ZbThumbnail.info
[2010/10/02 17:52:54 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin8.doc
[2010/10/02 12:03:24 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\Microsoft\Internet Explorer\Quick Launch\Crimson Editor.lnk
[2010/09/30 18:48:59 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin7.doc
[2010/09/30 18:27:38 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Book1.xls
[2010/09/29 21:36:35 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Nombre3.doc
[2010/09/27 21:18:56 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Nombre2.doc
[2010/09/26 16:00:30 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin6.doc
[2010/09/26 12:38:17 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\https health.doc
[2010/09/26 07:53:38 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Trees Letter to parents.doc
[2010/09/23 17:09:13 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\James Collins\Desktop\Sid Meier's Civilization V - Demo.url
[2010/09/22 20:28:20 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Hopes and Dreams.doc
[2010/09/22 20:07:37 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Nombre1.doc
[2010/09/21 22:00:46 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Nombre.doc
[2010/09/21 20:53:51 | 000,011,749 | ---- | C] () -- C:\Documents and Settings\James Collins\Desktop\MVTHealthCheck_Deviation.html
[2010/09/21 19:07:55 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Copy of generaltemplate 2011-2012.xls
[2010/09/21 15:33:09 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\James Collins\.org.eclipse.epp.usagedata.recording.userId


Rest of report to follow - file too long.

zenjimc
2010-10-23, 17:18
[2010/09/18 16:41:33 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\ser or estar.doc
[2010/09/18 10:30:44 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Anthem Movie.doc
[2010/09/14 18:20:51 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Hijazi Qs.doc
[2010/09/13 20:06:12 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Querido Evan.doc
[2010/09/02 22:07:09 | 000,051,472 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\pace chart.rtf
[2010/09/01 18:20:38 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\James Collins\Desktop\Audacity.lnk
[2010/09/01 17:37:23 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\Microsoft\Internet Explorer\Quick Launch\Pronto.lnk
[2010/09/01 17:37:23 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Pronto.lnk
[2010/08/29 13:44:45 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\APcomputersciences.doc
[2010/08/29 07:56:37 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Kindergarten Class List.doc2010-2011.doc
[2010/08/28 17:05:39 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin5.doc
[2010/08/27 17:36:58 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin4.doc
[2010/08/26 23:00:36 | 000,246,776 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/23 18:08:13 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin3.doc
[2010/08/16 16:56:35 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin2.doc
[2010/08/15 11:46:58 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Animal farm essay.doc
[2010/08/12 17:50:28 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collin1.doc
[2010/08/12 16:21:22 | 000,001,622 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Go.lnk
[2010/08/11 18:40:50 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Dylan Collins.doc
[2010/08/10 20:17:10 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Directions to Jim and Sue.doc
[2010/08/10 17:19:55 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Keyterms.doc
[2010/08/08 12:41:04 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Ender's Game Paper 1.doc
[2010/07/29 22:03:31 | 000,001,715 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\Microsoft\Internet Explorer\Quick Launch\eMusic Download Manager.lnk
[2010/07/29 17:33:21 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\James Collins\My Documents\Ender Paper.doc
[2010/07/26 22:19:46 | 000,000,989 | ---- | C] () -- C:\Documents and Settings\James Collins\Desktop\ZoomBrowser EX.lnk
[2010/07/24 14:34:13 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\ZBWallpaper_12.bmp
[2010/07/24 14:32:17 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\ZBWallpaper_11.bmp
[2010/07/23 19:33:40 | 001,327,158 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\ZBWallpaper_10.bmp
[2010/07/20 18:13:39 | 1874,384,736 | ---- | C] () -- C:\Program Files\MSSetupv87.exe
[2009/10/30 12:56:28 | 000,085,504 | ---- | C] () -- C:\Program Files\Inherit.exe
[2009/08/30 20:34:10 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\ZBWallpaper_9.bmp
[2009/08/03 08:59:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\webica.ini
[2009/07/30 09:34:22 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\mk4vc60.dll
[2008/11/24 16:56:24 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/10/05 10:33:23 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\ZBWallpaper_8.bmp
[2008/08/16 10:03:36 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\ZBWallpaper_7.bmp
[2008/06/22 21:20:54 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\ZBWallpaper_6.bmp
[2008/05/26 09:13:45 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/05/26 09:11:33 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\James Collins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/29 21:48:41 | 000,000,094 | -H-- | C] () -- C:\WINDOWS\System32\zbq_Q1ssg.ini
[2008/03/11 16:40:46 | 000,137,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/03/11 16:40:45 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\PnkBstrK.sys
[2008/03/05 20:28:15 | 000,000,253 | ---- | C] () -- C:\WINDOWS\CREATOR.INI
[2008/03/02 17:41:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Darkstone.INI
[2008/03/02 17:36:57 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\IYVU9_32.DLL
[2008/01/12 10:51:12 | 000,000,155 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2008/01/12 10:29:25 | 000,000,181 | ---- | C] () -- C:\WINDOWS\civ.ini
[2007/11/22 09:49:54 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\ZBWallpaper_5.bmp
[2007/11/15 21:12:10 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/20 08:10:08 | 000,000,044 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2007/07/17 09:00:18 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/07/17 09:00:18 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/07/17 09:00:18 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/07/17 08:59:59 | 000,000,635 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/07/08 21:41:35 | 003,686,454 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\ZBWallpaper_4.bmp
[2007/07/08 21:40:20 | 003,686,454 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\ZBWallpaper_3.bmp
[2007/06/20 17:50:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/05/20 12:45:29 | 000,009,008 | ---- | C] () -- C:\WINDOWS\wizards.ini
[2007/05/11 21:10:53 | 003,632,694 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\ZBWallpaper_2.bmp
[2007/05/11 20:32:14 | 003,686,454 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\ZBWallpaper_1.bmp
[2007/02/09 16:35:33 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/01/24 19:00:17 | 000,005,651 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/15 20:40:09 | 003,686,454 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\ZBWallpaper.bmp
[2006/11/12 17:21:46 | 000,000,178 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
[2006/11/05 09:59:47 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2006/11/04 19:49:27 | 000,040,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\sdcplh.sys
[2006/10/21 10:25:21 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\James Collins\Application Data\dvd.bmk
[2006/10/19 22:19:56 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/10/19 22:19:56 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\8B0739B6A5.sys
[2006/10/19 21:06:56 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2006/10/18 10:24:12 | 000,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/10/18 09:38:27 | 000,000,032 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2006/10/18 09:11:25 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\James Collins\Local Settings\Application Data\fusioncache.dat
[2006/10/11 20:08:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/11 20:01:04 | 000,005,162 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/11 19:54:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/11 19:26:42 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 01:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2002/03/13 16:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll

========== LOP Check ==========

[2008/10/17 15:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2008/03/02 22:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Activision
[2006/10/18 10:20:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/02/20 15:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2010/02/20 23:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/10/05 20:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\D-Link Toolbar
[2005/08/16 20:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2008/06/02 16:17:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dragon's Eye Productions
[2008/01/24 16:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Earthsim
[2009/12/06 20:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2010/08/26 20:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2009/03/21 21:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mevo
[2008/08/28 16:14:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/07/19 14:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2006/10/20 16:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2009/11/14 18:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2008/12/07 10:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2008/12/07 10:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2010/07/28 16:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/10/23 08:53:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RetroExp
[2006/10/18 10:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/07/21 19:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2008/12/07 10:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/10/10 08:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/06/05 15:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valve
[2007/04/12 19:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/07/28 20:36:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YoYoGames
[2009/03/18 15:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/06/29 13:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/11 16:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/09/20 16:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\.minecraft
[2008/09/27 20:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Amazon
[2009/09/12 20:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Braid
[2010/05/20 19:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Canon
[2006/11/12 23:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\ChessBase
[2010/02/20 15:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Cisco
[2010/04/20 16:58:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Dev-Cpp
[2008/01/24 11:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Earthsim
[2010/03/29 09:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\eMusic
[2010/06/22 08:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\GetRightToGo
[2010/01/20 15:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\GR Games
[2008/08/14 18:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\gtk-2.0
[2010/09/01 17:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\HorizonWimba
[2009/08/03 09:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\ICAClient
[2009/07/03 20:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\id Software
[2010/10/16 19:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\InstantAction
[2010/06/05 17:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Lala Music Mover
[2006/11/04 19:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Leadertech
[2008/05/16 17:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\LEGO Company
[2008/01/01 10:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\My Games
[2006/10/20 16:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Otto
[2010/06/28 13:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\OverDrive
[2009/11/14 18:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\PACE Anti-Piracy
[2010/06/23 13:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\PirateGalaxy
[2010/09/14 17:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Processing
[2009/11/04 20:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\runic games
[2006/11/04 18:10:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\ScamBlocker
[2006/10/18 10:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\ScanSoft
[2009/10/01 18:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Sony
[2009/10/01 18:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Sony Setup
[2010/10/01 20:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Stella
[2009/06/11 23:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\The Path
[2010/09/03 16:25:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\TS3Client
[2009/07/02 08:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Uniblue
[2009/11/14 18:44:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Unity
[2007/03/09 20:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Viewpoint
[2010/10/05 19:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\VirtualStore
[2009/03/08 14:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Windows Desktop Search
[2009/03/23 09:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James Collins\Application Data\Windows Search
[2010/10/17 13:20:00 | 000,000,480 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Scan (Weekly).job
[2010/10/22 21:00:00 | 000,000,482 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Scan (zenjim).job
[2010/10/17 10:41:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010/10/22 16:41:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010/10/22 22:41:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/06/17 04:41:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010/10/16 10:30:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/02/20 23:43:20 | 000,122,147 | ---- | M] () -- C:\aaw7boot.log
[2005/08/16 04:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/10/23 00:34:09 | 000,000,638 | ---- | M] () -- C:\avenger.txt
[2007/11/09 02:18:17 | 000,533,208 | ---- | M] ( ) -- C:\bonesaw.exe
[2009/02/15 17:51:47 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2009/11/26 12:13:38 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2004/08/04 00:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2005/08/16 04:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/09/21 17:56:39 | 000,001,236 | ---- | M] () -- C:\debug.log
[2009/09/22 20:01:34 | 000,035,931 | ---- | M] () -- C:\debugfile.txt
[2006/10/11 19:31:48 | 000,006,919 | RH-- | M] () -- C:\dell.sdr
[2008/03/29 21:48:06 | 000,000,183 | ---- | M] () -- C:\DownloadLog.txt
[2008/04/11 11:07:18 | 000,003,820 | ---- | M] () -- C:\eula.1028.txt
[2008/04/11 11:07:18 | 000,015,428 | ---- | M] () -- C:\eula.1031.txt
[2008/04/11 11:07:18 | 000,010,058 | ---- | M] () -- C:\eula.1033.txt
[2008/04/11 11:07:18 | 000,012,246 | ---- | M] () -- C:\eula.1036.txt
[2008/04/11 11:07:18 | 000,013,912 | ---- | M] () -- C:\eula.1040.txt
[2008/04/11 11:07:18 | 000,005,868 | ---- | M] () -- C:\eula.1041.txt
[2008/04/11 11:07:18 | 000,005,970 | ---- | M] () -- C:\eula.1042.txt
[2008/04/11 11:07:18 | 000,010,134 | ---- | M] () -- C:\eula.1049.txt
[2008/04/11 11:07:18 | 000,003,814 | ---- | M] () -- C:\eula.2052.txt
[2008/04/11 11:07:18 | 000,012,936 | ---- | M] () -- C:\eula.3082.txt
[2007/12/20 21:43:23 | 000,000,000 | ---- | M] () -- C:\FileIn.Cns
[2007/12/20 21:43:23 | 000,000,000 | ---- | M] () -- C:\FileOut.Cns
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/10/23 05:40:27 | 3219,038,208 | -HS- | M] () -- C:\hiberfil.sys
[2006/10/19 22:16:04 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2008/04/11 09:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2008/04/11 09:03:48 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2008/04/11 09:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2008/04/11 09:03:48 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2008/04/11 09:03:48 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2008/04/11 09:03:48 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2008/04/11 09:03:48 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2008/04/11 09:03:48 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2008/04/11 11:09:24 | 000,093,200 | ---- | M] (Microsoft Corporation) -- C:\install.res.1049.dll
[2008/04/11 09:03:48 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2008/04/11 09:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2005/08/16 04:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2007/05/30 16:42:44 | 000,002,891 | -H-- | M] () -- C:\IPH.PH
[2009/10/30 17:48:58 | 000,057,768 | ---- | M] () -- C:\log.txt
[2005/08/16 04:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/10 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/26 06:13:35 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/10/23 05:40:21 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2008/06/10 18:52:45 | 000,000,000 | ---- | M] () -- C:\report.txt
[2006/10/11 19:56:14 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2008/04/11 11:09:38 | 003,797,292 | ---- | M] () -- C:\VC_RED.cab
[2008/04/11 11:11:40 | 000,233,472 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/08/16 04:42:12 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/05/01 01:00:00 | 000,022,528 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD87.DLL
[2006/05/01 13:00:00 | 000,065,024 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP87.DLL
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/10/30 12:56:29 | 000,085,504 | ---- | M] () -- C:\Program Files\Inherit.exe
[2010/07/20 18:51:36 | 1874,384,736 | ---- | M] () -- C:\Program Files\MSSetupv87.exe
[2008/03/15 09:58:28 | 000,774,144 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2006/10/19 21:06:56 | 000,000,251 | ---- | M] () -- C:\Program Files\wt3d.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/08/16 04:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/16 04:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/16 04:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/08/26 06:18:28 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2006/10/11 19:51:00 | 000,492,096 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\TRANSFORMS=1033.mst

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2008/12/04 10:14:09 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\James Collins\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2008/08/26 19:57:30 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\James Collins\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2009/02/24 22:37:07 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\James Collins\Desktop\ATF-Cleaner.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2010/04/20 17:04:09 | 000,474,990 | ---- | M] () -- C:\Documents and Settings\James Collins\My Documents\Untitled1.exe

< %USERPROFILE%\*.exe >
[2010/02/20 23:09:06 | 000,061,224 | ---- | M] () -- C:\Documents and Settings\James Collins\GoToAssistDownloadHelper.exe

< %systemroot%\ADDINS\*.* >
[2004/08/10 05:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/08/26 19:57:31 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\James Collins\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/10/23 08:44:15 | 000,049,152 | -HS- | M] () -- C:\Documents and Settings\James Collins\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.exe >
[2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< %USERPROFILE%\Templates\*.tmp >

< %SYSTEMDRIVE%\explorexxx.exe\*.* >

< %Windir%\Installer\*.tmp >
[2 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

< %systemroot%\System32\*.xco >

< %ProgramFiles%\system32\*.* >

< %systemroot%\System32\windos\*.* >

< %SystemRoot%\system32\sandbox\*.* >

< %SystemRoot%\system32\*.amo >

< %SystemRoot%\system32\Windows Live\*.* >

< %ProgramFiles%\logs\*.* >

< %ProgramFiles%\Bifrost\*.* >

< %SystemRoot%\system32\*.goo >

< %systemroot%\system32\IME\*.* >

< %systemroot%\BackUp\*.* >

< %systemroot%\system32\*.ico >

< %systemroot%\system\*.dat >

< %systemroot%\system\*.exe >

< %AppData%\Macromedia\Common\*.* >

< %SYSTEMDRIVE%\dir\*.* /s >

< %systemroot%\system32\ras\*.exe >

< %SYSTEMDRIVE%\MFILES\*.* >

< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >

< %systemroot%\system32\services\*.* >

< %systemroot%\Spooler\*.* >

< %ProgramFiles%\system32\*.* >

< %systemroot%\system32\Setup\*.dll /x >

< %systemroot%\system32\*.mine >

< %SYSTEMDRIVE%\cleansweep.exe\*.* >

< %systemroot%\system32\ras\*.dll >

< %systemroot%\system32\ras\*.drv >

< %systemroot%\*.iq >

< %systemroot%\system32\XP\*.* >

< %SYSTEMDRIVE%\Extracted\*.* >

< %systemroot%\system32\windows\*.* >

< %systemroot%\logs\*.* >
[2010/09/23 20:17:52 | 000,536,218 | ---- | M] () -- C:\WINDOWS\Logs\DirectX.log
[2010/09/23 20:17:17 | 000,000,504 | ---- | M] () -- C:\WINDOWS\Logs\DXError.log

zenjimc
2010-10-23, 17:22
< %SYSTEMDRIVE%\Win.Msi\*.* >

< %systemroot%\regedit\*.* >

< %systemroot%\system32\skype\*.* >

< %AppData%\Adobe\dlluplwin25\*.* >

< %UserProfile%\*.dat >
[2010/10/16 13:05:00 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\James Collins\jagex_runescape_preferences.dat
[2010/10/16 12:31:13 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\James Collins\jagex_runescape_preferences2.dat
[2010/10/05 22:17:22 | 000,000,050 | ---- | M] () -- C:\Documents and Settings\James Collins\jagex__preferences3.dat
[2010/10/23 08:43:22 | 014,942,208 | ---- | M] () -- C:\Documents and Settings\James Collins\ntuser.dat

< %UserProfile%\*.dll >

< %systemroot%\system32\*.sxo >

< %SYSTEMDRIVE%\Gazma\*.* /s >

< %systemroot%\system32\spynet\*.* >

< %systemroot%\system32\System\*.* >

< %appdata%\Microsoft\Windows\*.* >

< %systemroot%\system32\WinDir\*.* >

< %systemroot%\_\*.* >

< %systemroot%\system32\windows32\*.* >

< %ProgramFiles%\win\*.* >

< %AppData%\Microsoft\CD Burning\*.* >

< %systemroot%\*.cab >

< %systemroot%\K.Backup\*.* >

< %ProgramFiles%\Massenger\*.* >

< %systemroot%\System32\*.doc >

< %systemroot%\Office12\*.* >

< %systemroot%\System32\Rundl32.exe\*.* >

< %ProgramFiles%\yahoo.net\*.* >

< %systemroot%\system32\*.igo >

< %systemroot%\*.rew >

< %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >
[2006/05/01 13:00:00 | 000,006,144 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMSE87.EXE

< %USERPROFILE%\.COMMgr\*.* >

< %USERPROFILE%\Desktop\*.bat >

< %PROGRAMFILES%\Common Files\Real\visualizations\*.* >
[2007/01/12 00:33:05 | 000,043,008 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Visualizations\Annabelle.rpv
[2007/01/12 00:33:05 | 000,080,384 | ---- | M] () -- C:\Program Files\Common Files\Real\Visualizations\CosmicBelt.rpv
[2007/01/12 00:33:05 | 000,007,168 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Visualizations\Fire.rpv
[2007/01/12 00:33:05 | 000,007,680 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Visualizations\FreqBands.rpv
[2007/01/12 00:33:05 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Real\Visualizations\Nebula.rpv

< %PROGRAMFILES%\Internet Explorer\*.Jmp >

< %PROGRAMFILES%\Windows NT\system\*.dll >

< %systemroot%\system32\*.ext >

< %systemroot%\system32\Com\*.cfg >

< %systemroot%\system32\btz\*.* >

< %systemroot%\system32\EMP\*.* >

< %systemroot%\system32\expo\*.* >

< %systemroot%\system32\inet2\*.* >

< %systemroot%\system32\xrem\*.* >

< %ProgramFiles%\Microsoft\*.* >

< %systemroot%\usgwmt\*.* >

< %ProgramFiles%\B\*.* >

< %SYSTEMDRIVE%\lspp\*.* >

< %systemroot%\Kral\*.* >

< %SYSTEMDRIVE%\windowsdvd.exe\*.* >

< %systemroot%\system32\*.ipo >

< %SYSTEMDRIVE%\usxxxxxxxx.exe\*.* >

< %systemroot%\system32\*.mof >

< %systemroot%\*.atm >

< %systemroot%\system32\svhost\*.* >

< %ProgramFiles%\system32\*.* >

< %ProgramFiles%\Docmentt\*.* >

< %systemroot%\Help\*.vbs >

< %ProgramFiles%\Windows WinSxs\*.* /s >

< %ProgramFiles%\Outlook Express\IDT\*.* /s >

< %ProgramFiles%\Microsoft Office\365\*.* /s >

< %ProgramFiles%\Windows Live\*.* >

< %systemroot%\system32\win32\*.* >

< %SYSTEMDRIVE%\RECYCLER\*.* >

< %systemroot%\Fresh1\*.* >

< %ProgramFiles%\Kekj\*.* /s >

< %systemroot%\GDU\*.* >

< %systemroot%\KA\*.* >

< %systemroot%\R\*.* >

< %systemroot%\system32\*.fyo >

< %USERPROFILE%\System\*.* >

< %systemroot%\Source\*.* >

< %systemroot%\system32\ac\*.* >

< %ProgramFiles%\MSDN\*.* >

< %AppData%\AdobeUM\winvcldll54\*.* /s >

< %ProgramFiles%\Internet Explorer\*.ico >

< %systemroot%\system32\*.ojo >

< %systemroot%\system32\d323s\*.* >

< %systemroot%\system32\re\*.* >

< %UserProfile%\Microsoft\*.dll >

< %UserProfile%\Microsoft\*.log >

< %systemroot%\Bios\*.* >

< %ProgramFiles%\Spool\*.* >

< %ProgramFiles%\promp3\*.* >

< %SYSTEMDRIVE%\Driver\*.* /s >

< %SYSTEMDRIVE%\inetserver.exe\*.* >

< %systemroot%\java\trustlib\*.* >

< %ProgramFiles%\Common Files\designer\*.exe >

< %ProgramFiles%\*. >
[2008/09/15 15:40:50 | 000,000,000 | ---D | M] -- C:\Program Files\001
[2008/09/09 15:58:47 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2010/01/13 08:20:39 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/07/31 14:38:09 | 000,000,000 | ---D | M] -- C:\Program Files\Adventure 2600 Reboot
[2009/07/27 09:45:49 | 000,000,000 | ---D | M] -- C:\Program Files\AGD Interactive
[2010/03/12 18:39:01 | 000,000,000 | ---D | M] -- C:\Program Files\AGEIA Technologies
[2009/08/22 11:25:45 | 000,000,000 | ---D | M] -- C:\Program Files\Algodoo Phun Edition
[2008/09/27 20:42:47 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon
[2009/06/22 10:39:23 | 000,000,000 | ---D | M] -- C:\Program Files\And Yet It Moves Demo
[2009/08/22 11:23:06 | 000,000,000 | ---D | M] -- C:\Program Files\Any Video Converter
[2010/06/29 13:10:38 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/05/21 16:57:30 | 000,000,000 | ---D | M] -- C:\Program Files\Aquaria
[2009/01/03 20:28:36 | 000,000,000 | ---D | M] -- C:\Program Files\AquariaDemo
[2006/10/18 10:22:37 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2009/10/24 14:41:31 | 000,000,000 | ---D | M] -- C:\Program Files\Atari
[2010/10/22 23:37:42 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2010/09/01 18:20:38 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity
[2006/10/11 20:02:06 | 000,000,000 | ---D | M] -- C:\Program Files\BAE
[2008/07/09 17:19:47 | 000,000,000 | ---D | M] -- C:\Program Files\Baldur's Gate 2 Demo
[2009/08/22 11:26:52 | 000,000,000 | ---D | M] -- C:\Program Files\Ben There Dan That
[2006/10/21 17:42:32 | 000,000,000 | ---D | M] -- C:\Program Files\Bethesda Softworks
[2008/07/09 17:18:32 | 000,000,000 | ---D | M] -- C:\Program Files\Black Isle
[2010/06/29 13:08:29 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/06/05 17:46:17 | 000,000,000 | ---D | M] -- C:\Program Files\Broderbund
[2006/10/28 16:38:58 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2006/10/18 10:20:31 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2010/09/03 09:29:07 | 000,000,000 | ---D | M] -- C:\Program Files\Cave Story Deluxe
[2006/11/12 23:31:04 | 000,000,000 | ---D | M] -- C:\Program Files\ChessBase
[2010/02/20 15:01:24 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco
[2009/06/29 08:41:04 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco Systems
[2010/02/20 23:09:11 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2008/03/19 19:03:59 | 000,000,000 | ---D | M] -- C:\Program Files\City of Heroes
[2008/08/24 11:39:27 | 000,000,000 | ---D | M] -- C:\Program Files\Cloud
[2007/05/15 17:36:29 | 000,000,000 | ---D | M] -- C:\Program Files\Colorizer
[2008/12/07 09:59:35 | 000,000,000 | ---D | M] -- C:\Program Files\Commando Xenidis
[2010/10/10 20:10:27 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2005/08/16 04:38:36 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2006/10/11 19:33:36 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2006/10/11 19:58:35 | 000,000,000 | ---D | M] -- C:\Program Files\Corel Corporation
[2010/06/05 17:29:12 | 000,000,000 | ---D | M] -- C:\Program Files\Coupons
[2009/02/17 19:56:12 | 000,000,000 | ---D | M] -- C:\Program Files\Crayon Physics Deluxe Demo
[2010/10/02 12:04:21 | 000,000,000 | ---D | M] -- C:\Program Files\Crimson Editor
[2010/10/05 20:34:42 | 000,000,000 | ---D | M] -- C:\Program Files\D-Link Toolbar
[2008/11/07 22:21:09 | 000,000,000 | ---D | M] -- C:\Program Files\Data Realms
[2008/12/07 10:06:41 | 000,000,000 | ---D | M] -- C:\Program Files\De Blob
[2008/12/07 09:59:32 | 000,000,000 | ---D | M] -- C:\Program Files\Death Illustrated
[2009/01/01 17:57:05 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2006/10/11 20:04:45 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support
[2008/12/07 10:47:16 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2006/10/11 19:52:08 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
[2008/01/29 16:54:52 | 000,000,000 | ---D | M] -- C:\Program Files\DIGStream
[2007/07/17 08:36:40 | 000,000,000 | ---D | M] -- C:\Program Files\directx
[2010/10/10 19:39:25 | 000,000,000 | ---D | M] -- C:\Program Files\DOSBox-0.73
[2009/07/30 09:35:24 | 000,000,000 | ---D | M] -- C:\Program Files\DROD
[2010/05/31 13:38:48 | 000,000,000 | ---D | M] -- C:\Program Files\DTF
[2009/06/22 10:41:16 | 000,000,000 | ---D | M] -- C:\Program Files\Dyson
[2009/04/28 15:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\EA Games
[2007/01/01 19:40:11 | 000,000,000 | ---D | M] -- C:\Program Files\EarthLink TotalAccess
[2009/08/22 11:36:05 | 000,000,000 | ---D | M] -- C:\Program Files\eGames
[2009/06/22 10:41:57 | 000,000,000 | ---D | M] -- C:\Program Files\Egoboo
[2010/07/29 22:03:31 | 000,000,000 | ---D | M] -- C:\Program Files\eMusic Download Manager
[2005/08/16 20:51:50 | 000,000,000 | ---D | M] -- C:\Program Files\EnglishOtto
[2009/10/25 09:20:05 | 000,000,000 | ---D | M] -- C:\Program Files\ERUNT
[2005/08/16 20:54:50 | 000,000,000 | ---D | M] -- C:\Program Files\ESPNMotion
[2006/12/28 19:20:32 | 000,000,000 | ---D | M] -- C:\Program Files\Firaxis Games
[2008/12/07 10:06:43 | 000,000,000 | ---D | M] -- C:\Program Files\Frets on Fire
[2008/07/23 20:39:01 | 000,000,000 | ---D | M] -- C:\Program Files\Funcom
[2009/04/02 06:25:33 | 000,000,000 | ---D | M] -- C:\Program Files\GALA-NET
[2008/09/27 21:01:52 | 000,000,000 | ---D | M] -- C:\Program Files\GamesCampus
[2008/12/07 10:06:44 | 000,000,000 | ---D | M] -- C:\Program Files\GameSpy Arcade
[2009/07/20 11:02:33 | 000,000,000 | ---D | M] -- C:\Program Files\Game_Maker7
[2009/01/03 20:39:29 | 000,000,000 | ---D | M] -- C:\Program Files\GemMaster
[2009/01/03 20:36:32 | 000,000,000 | ---D | M] -- C:\Program Files\Glow
[2010/08/17 17:27:02 | 000,000,000 | ---D | M] -- C:\Program Files\GOG.com
[2010/06/05 17:33:59 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/06/22 11:17:03 | 000,000,000 | ---D | M] -- C:\Program Files\Guild Wars
[2010/05/21 19:42:19 | 000,000,000 | ---D | M] -- C:\Program Files\HisDarkMajesty
[2008/06/04 20:28:44 | 000,000,000 | ---D | M] -- C:\Program Files\illiminable
[2008/09/27 21:06:41 | 000,000,000 | ---D | M] -- C:\Program Files\Infogrames Interactive
[2010/10/09 16:45:06 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/08/22 21:06:53 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2006/10/11 19:51:59 | 000,000,000 | ---D | M] -- C:\Program Files\InterActual
[2010/10/12 15:41:04 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/09/19 09:25:21 | 000,000,000 | ---D | M] -- C:\Program Files\Iomega
[2010/06/29 13:13:25 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/06/29 13:13:51 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/09/02 07:15:45 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2007/07/17 08:36:03 | 000,000,000 | ---D | M] -- C:\Program Files\KONAMI Software
[2009/01/03 20:29:59 | 000,000,000 | ---D | M] -- C:\Program Files\LEGO Company
[2007/07/18 14:11:20 | 000,000,000 | ---D | M] -- C:\Program Files\LEGO Media
[2010/09/03 22:09:48 | 000,000,000 | ---D | M] -- C:\Program Files\LP Recorder
[2007/08/19 11:54:42 | 000,000,000 | ---D | M] -- C:\Program Files\LP Ripper
[2009/01/03 20:19:24 | 000,000,000 | ---D | M] -- C:\Program Files\LucasArts
[2009/01/03 20:36:02 | 000,000,000 | ---D | M] -- C:\Program Files\Magebane2
[2010/10/23 00:06:46 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2007/08/20 08:11:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mattel Media
[2010/09/21 20:37:13 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2010/06/27 10:38:18 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan
[2010/08/27 09:06:43 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee.com
[2008/08/26 06:30:53 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/10/08 23:51:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2006/11/04 08:58:28 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Agent
[2010/10/07 20:39:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Analysis Services
[2008/12/07 10:02:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/03/07 11:44:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Chart Controls
[2005/08/16 04:43:46 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/01/03 20:22:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2010/10/07 20:45:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2006/10/11 19:55:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Digital Media Edition
[2006/10/11 19:55:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Photo Story 2 LE
[2010/10/18 22:19:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2006/10/11 19:53:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/10/08 23:51:17 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2006/10/21 17:33:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works Suite 99
[2009/08/01 09:52:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft XNA
[2010/10/08 23:51:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2006/10/11 19:52:03 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Helper
[2010/08/11 23:01:24 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/10/22 23:34:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/03/08 14:40:39 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/01/12 23:57:44 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2005/08/16 04:37:22 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2005/08/16 04:37:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/10/21 17:35:41 | 000,000,000 | ---D | M] -- C:\Program Files\MSWorks
[2006/11/19 22:43:59 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/09/12 15:52:11 | 000,000,000 | ---D | M] -- C:\Program Files\Musette
[2009/08/22 11:32:39 | 000,000,000 | ---D | M] -- C:\Program Files\MusicLab
[2008/04/13 20:31:23 | 000,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2009/06/22 10:44:24 | 000,000,000 | ---D | M] -- C:\Program Files\NCSoft
[2007/07/13 20:47:35 | 000,000,000 | ---D | M] -- C:\Program Files\Netflix
[2008/08/26 06:15:14 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2006/10/11 19:52:14 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2008/10/28 16:39:41 | 000,000,000 | ---D | M] -- C:\Program Files\Notrium
[2008/04/13 20:21:26 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/03/21 21:28:56 | 000,000,000 | ---D | M] -- C:\Program Files\OpenAL
[2009/01/03 20:33:41 | 000,000,000 | ---D | M] -- C:\Program Files\Outbreak
[2010/05/12 08:59:29 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/06/28 10:31:38 | 000,000,000 | ---D | M] -- C:\Program Files\OverDrive Media Console
[2009/04/05 17:14:43 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2009/07/02 18:20:38 | 000,000,000 | ---D | M] -- C:\Program Files\Pekka Kana 2
[2009/01/03 20:26:14 | 000,000,000 | ---D | M] -- C:\Program Files\PentaFlux
[2010/09/18 14:45:40 | 000,000,000 | ---D | M] -- C:\Program Files\Penumbra Overture
[2009/01/04 16:48:40 | 000,000,000 | ---D | M] -- C:\Program Files\Perfect World Entertainment
[2009/01/03 20:37:11 | 000,000,000 | ---D | M] -- C:\Program Files\Phun
[2009/08/22 11:35:12 | 000,000,000 | ---D | M] -- C:\Program Files\Polychromatic Funk Monkey
[2008/10/26 08:49:26 | 000,000,000 | ---D | M] -- C:\Program Files\Project64 1.6
[2010/06/29 13:11:50 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2008/03/15 09:58:25 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/03/08 14:40:31 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/10/12 21:17:37 | 000,000,000 | ---D | M] -- C:\Program Files\ReflexiveArcade
[2010/09/19 09:52:59 | 000,000,000 | ---D | M] -- C:\Program Files\Retrospect
[2010/05/06 22:04:19 | 000,000,000 | ---D | M] -- C:\Program Files\RGB
[2009/01/03 20:37:00 | 000,000,000 | ---D | M] -- C:\Program Files\ROM CHECK FAIL
[2009/10/24 16:13:11 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2009/01/03 20:29:19 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2010/05/09 11:38:52 | 000,000,000 | ---D | M] -- C:\Program Files\Samorost2
[2006/10/18 10:23:42 | 000,000,000 | ---D | M] -- C:\Program Files\ScanSoft
[2010/06/12 13:36:18 | 000,000,000 | ---D | M] -- C:\Program Files\Scratch
[2010/08/25 18:15:40 | 000,000,000 | ---D | M] -- C:\Program Files\Sierra On-Line
[2006/10/11 19:48:16 | 000,000,000 | ---D | M] -- C:\Program Files\Sigmatel
[2006/10/11 20:02:05 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2010/08/12 16:20:15 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2010/09/21 17:55:41 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Media Go Install
[2009/06/02 21:40:27 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Setup
[2010/06/05 17:47:41 | 000,000,000 | ---D | M] -- C:\Program Files\Sparkplay Media
[2010/10/09 20:34:49 | 000,000,000 | ---D | M] -- C:\Program Files\Spawn
[2009/08/22 11:36:43 | 000,000,000 | ---D | M] -- C:\Program Files\Spooky Castle
[2010/04/02 17:08:05 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/10/10 08:25:59 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2010/06/05 17:48:19 | 000,000,000 | ---D | M] -- C:\Program Files\Starcraft
[2010/10/01 20:27:05 | 000,000,000 | ---D | M] -- C:\Program Files\Stella
[2009/01/03 20:26:36 | 000,000,000 | ---D | M] -- C:\Program Files\Strange Attractors 2
[2007/11/12 12:38:33 | 000,000,000 | ---D | M] -- C:\Program Files\Strategy First
[2009/06/22 10:46:31 | 000,000,000 | ---D | M] -- C:\Program Files\Supreme Demo
[2009/01/03 20:39:37 | 000,000,000 | ---D | M] -- C:\Program Files\Swarm Racer
[2008/11/22 19:20:30 | 000,000,000 | ---D | M] -- C:\Program Files\Tale of Tales
[2010/09/03 16:23:02 | 000,000,000 | ---D | M] -- C:\Program Files\TeamSpeak 3 Client
[2009/08/22 11:38:03 | 000,000,000 | ---D | M] -- C:\Program Files\Telltale Games
[2008/04/13 20:33:25 | 000,000,000 | ---D | M] -- C:\Program Files\The Weather Channel FW
[2009/02/15 13:08:05 | 000,000,000 | ---D | M] -- C:\Program Files\Three Rings Design
[2010/07/22 21:56:53 | 000,000,000 | ---D | M] -- C:\Program Files\Totally Tiny Arcade
[2009/02/21 16:22:06 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2010/06/05 17:49:55 | 000,000,000 | ---D | M] -- C:\Program Files\Turbine
[2009/06/22 10:46:04 | 000,000,000 | ---D | M] -- C:\Program Files\Twisted Pixel
[2005/08/16 04:50:18 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/06/05 17:50:08 | 000,000,000 | ---D | M] -- C:\Program Files\Unity
[2008/09/27 19:20:24 | 000,000,000 | ---D | M] -- C:\Program Files\VDMSound
[2007/04/12 19:08:44 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2009/09/20 14:18:24 | 000,000,000 | ---D | M] -- C:\Program Files\Web Publish
[2006/10/11 19:56:23 | 000,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2010/09/01 17:37:19 | 000,000,000 | ---D | M] -- C:\Program Files\Wimba
[2010/05/31 13:41:44 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
[2009/06/09 22:33:22 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2007/01/20 13:24:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2007/01/20 13:24:10 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/08/26 06:15:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2005/08/16 04:37:56 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Plus
[2009/11/14 18:44:12 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/09/11 20:36:33 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2008/08/21 11:56:44 | 000,000,000 | ---D | M] -- C:\Program Files\Wizards of the Coast
[2010/05/05 19:52:18 | 000,000,000 | ---D | M] -- C:\Program Files\WorldOfGoo
[2005/08/16 04:43:46 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/01/03 20:40:50 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2009/01/03 20:37:37 | 000,000,000 | ---D | M] -- C:\Program Files\ZC2.10

< %systemroot%\system32\*.tso >

< %ALLUSERSPROFILE%\Documents\Server\*.* >

< %systemroot%\*.pif >
[2010/10/09 20:34:49 | 000,002,829 | ---- | M] () -- C:\WINDOWS\DiabUnin.pif
[2004/08/10 05:00:00 | 000,000,707 | ---- | M] () -- C:\WINDOWS\_default.pif

< %systemroot%\system32\n7533\*.* >

< %systemroot%\Us18336\*.* >

< %systemroot%\system32\*.zip >

< %systemroot%\system32\*.wgo >

< %systemroot%\system32\dllcache\*.com >

< %systemroot%\system32\dllchache\*.* >

< %systemroot%\system32\038840\*.* >

< %systemroot%\system32\13E92A\*.* >

< %systemroot%\system32\1CB5AD\*.* >

< %systemroot%\system32\52682A\*.* >

< %USERPROFILE%\My Documents\*.htm >

< %SYSTEMDRIVE%\Mr_CF\*.* >

< %USERPROFILE%\My Documents\*.dll >

< %USERPROFILE%\My Documents\*.ccc >

< %systemroot%\system32\Sis\*.* >

< %systemroot%\Microsft\*.* >

< %SYSTEMDRIVE%\driverwinx.exe\*.* >

< %systemroot%\BifroXx\*.* >

< %SYSTEMDRIVE%\TSTP\*.* >

< %systemroot%\winsn\*.* >

< %ProgramFiles%\windata\*.* >

< %SYSTEMDRIVE%\msixxxxxxx.exe\*.* >

< %systemroot%\system32\*.sao >

< %systemroot%\system32\*.iem >

< %systemroot%\system32\*.mdd >

< %systemroot%\system32\*.wlo >

< %systemroot%\system32\*.skn >

< %SYSTEMDRIVE%\Winup\*.* >

< %SYSTEMDRIVE%\test\*.* >

< %systemroot%\system32\med\*.* >

< %systemroot%\Bifrost\*.* >

< %systemroot%\system32\explorer.exe\*.* >

< %UserProfile%\UserData\*.dat /x >

< %SYSTEMDRIVE%\Arquivo de programas\*.* >

< %ProgramFiles%\tcpview\*.* >

< %systemroot%\system32\*.lyo >

< %ProgramFiles%\huanbang2\*.* >

< %systemroot%\winhuanbang\*.* >

< %systemroot%\minrsv.ini\*.* >

< %systemroot%\assembly\GAC\*.* >

< %AppData%\Adobe\crtmswin91\*.* >

< %ProgramFiles%\Windows NT\Accessories\*.exe >
[2010/07/12 08:55:03 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe

< %systemroot%\system32\*.pdo >

< %SYSTEMDRIVE%\APPDATASH\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-12 19:44:05

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 949 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:oPhYZIJ3SwQ2H9ln3G
@Alternate Data Stream - 174 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7BC7E6BA
@Alternate Data Stream - 1166 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:VAVTpNVQ3SvqtskVATukE
@Alternate Data Stream - 1145 bytes -> C:\Program Files\Common Files\System:og3C3uS13nUFIlEOeO5LiZnXF3
@Alternate Data Stream - 1066 bytes -> C:\Documents and Settings\James Collins\Cookies:rX1eneHKGZnELaNG4ps6

< End of report >

ken545
2010-10-23, 18:41
Hi,

I am not really looking at anything earth shattering on your log.

Go to your Add Remove Programs in the Control Panel and uninstall Viewpoint. It installs without your knowledge or consent, is considered adware, uses system resources and is not needed for anything.

You need to enable Windows to show all files and folders; instructions are here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)

Go to VirusTotal (http://www.virustotal.com/) and submit this file for analysis. Just use the browse feature and then Send File; you will get a report back. Post the report into this thread for me to see. If the site says this file has been checked before, have them check it again.


C:\WINDOWS\System32\drivers\goyxxt.sys <--This file

If the site is busy, you can try this one:

http://virusscan.jotti.org/en

Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)

Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

That Windows Installer problem may just be a plain old Windows problem. Let's see what the next two scans find, and if they're clean I can link you to a Windows forum to resolve the installer problem.

zenjimc
2010-10-25, 12:56
Following is Eset scan log.

Followed directions to show all hidden files, but could not find goyxxt.sys in C:\WINDOWS\System32\drivers\ so did not run VirusTotal program.

Thank you.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=c21d944186afb548acd77a53cb95f714
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-25 03:28:57
# local_time=2010-10-24 11:28:57 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 52635321 52635321 0 0
# compatibility_mode=5121 16777173 100 75 0 17119967 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=285070
# found=2
# cleaned=2
# scan_time=11489
C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\setup.exe probably a variant of Win32/Agent.HZHBURL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP334\A0072450.exe probably a variant of Win32/Agent.HZHBURL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

ken545
2010-10-25, 14:27
Hi,

Just a bad item in your AOL Downloads and your System Restore Program, but let's leave SR be for a bit. What I would like you to do is to post here at our sister site. You can link them to this thread if you wish so they can see what we have done and let them help you with the installer issue. After it's fixed, if you still feel you have malware-related issues, then post back here and we can dig deeper.

This site, like Safer, is free, but you will need to register.
http://forums.whatthetech.com/index.php?showforum=119

Ken :)

zenjimc
2010-10-26, 06:05
Thank you for all of your assistance.

Jim C

ken545
2010-10-26, 11:06
You're welcome, Jim. I will keep this thread open for you for a week or so; post back and let me know how it went.

ken545
2010-11-06, 12:05
How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)




Safe Surfn
Ken