
Inactive ActiveX error/Can't open any folders on Desktop

Discussion in 'Malware and Virus Removal Archive' started by brwneyez, 2010/11/13.

  1. 2010/11/13
    brwneyez Inactive Thread Starter


    I am getting the error "Your current security settings prohibit running ActiveX controls on this page. As a result, the page may not display correctly." I get this error when trying to open any folder on my Desktop, and when I click OK, nothing shows up in the folder at all.
    I ran all the scans and I am posting the logs requested for this forum. I hope I got this all right. :confused:

    MBAM:
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5109

    Windows 5.0.2195 Service Pack 4
    Internet Explorer 6.0.2800.1106

    11/13/2010 4:29:17 PM
    mbam-log-2010-11-13 (16-29-17).txt

    Scan type: Quick scan
    Objects scanned: 120431
    Time elapsed: 9 minute(s), 37 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 7
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 7

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    c:\WINNT\system32\sshnas21.dll (Trojan.FraudPack) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.FraudPack) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{16107999-723f-9562-ebbf-2a0b70f5775b} (Rogue.RegSort) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\U36VRSFLG6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\u36vrsflg6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Documents and Settings\Administrator\Application Data\AntiSpywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.

    Files Infected:
    c:\WINNT\system32\sshnas21.dll (Trojan.FraudPack) -> Delete on reboot.
    C:\WINNT\Bruwea.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
    C:\Program Files\glu2d3d.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\Program Files\opengl2d3d.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\WINNT\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINNT\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINNT\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

    GMER:

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-11-13 17:17:25
    Windows 5.0.2195 Service Pack 4 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-2 WDC_WD1600JB-00GVA0 rev.08.02D08
    Running: 19cc64g9.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdipow.sys


    ---- System - GMER 1.0.15 ----

    SSDT sppb.sys ZwCreateKey [0xBFF010E0]
    SSDT sppb.sys ZwEnumerateKey [0xBFF1FCA2]
    SSDT sppb.sys ZwEnumerateValueKey [0xBFF20030]
    SSDT sppb.sys ZwOpenKey [0xBFF010C0]
    SSDT sppb.sys ZwQueryKey [0xBFF20108]
    SSDT sppb.sys ZwQueryValueKey [0xBFF1FF88]
    SSDT sppb.sys ZwSetValueKey [0xBFF2019A]

    ---- Kernel code sections - GMER 1.0.15 ----

    ? cykbajc.sys The system cannot find the file specified. !
    ? sppb.sys The system cannot find the file specified. !
    .text C:\WINNT\system32\DRIVERS\nv4_mini.sys section is writeable [0xBF971360, 0x24BB1D, 0xE8000020]
    .text USBPORT.SYS!DllUnload BF9019FA 5 Bytes JMP 82A781D8
    init C:\WINNT\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xBF806900]
    pnidata C:\WINNT\system32\drivers\SECDRV.SYS unknown last section [0xBD6E2F00, 0x24000, 0x48000000]

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \WINNT\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82AE72D8
    IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [BFF32C4C] sppb.sys
    IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [BFF32CA0] sppb.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BFF020BE] sppb.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BFF027FC] sppb.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BFF026D2] sppb.sys
    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BFF02040] sppb.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BFF0213C] sppb.sys
    IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[NTOSKRNL.EXE!DbgBreakPoint] 82A782D8

    ---- User IAT/EAT - GMER 1.0.15 ----


    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 82ADF1F8

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\dmio \Device\DmControl\DmIoDaemon 82AE31F8
    Device \Driver\dmio \Device\DmControl\DmConfig 82AE31F8
    Device \Driver\dmio \Device\DmControl\DmPnP 82AE31F8
    Device \Driver\dmio \Device\DmControl\DmInfo 82AE31F8
    Device \Driver\usbehci \Device\USBPDO-2 828761F8

    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\Ftdisk \Device\HarddiskVolume1 82AE41F8
    Device \Driver\Cdrom \Device\CdRom0 82A6C1F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2 82AE21F8
    Device \Driver\atapi \Device\Ide\IdePort0 82AE21F8
    Device \Driver\atapi \Device\Ide\IdePort1 82AE21F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-a 82AE21F8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 826273F8
    Device \Driver\NetBT \Device\NetbiosSmb 826273F8

    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\usbehci \Device\USBFDO-0 828761F8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 826191F8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 826191F8
    Device \Driver\Ftdisk \Device\FtControl 82AE41F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{71733386-89AA-4A6F-B4B5-B518AC57A699} 826273F8
    Device \Driver\viamraid \Device\Scsi\viamraid1 82AE11F8
    Device \FileSystem\Fastfat \Fat 825F81F8

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs 823D61F8

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 3
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xCC 0x26 0x4F 0xAF ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9B 0x8A 0x25 0x98 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x46 0x25 0x56 0x55 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xCC 0x26 0x4F 0xAF ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9B 0x8A 0x25 0x98 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 2
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x46 0x25 0x56 0x55 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0x75 0x09 0x73 0x71 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0xE2 0x0B 0xEC 0x42 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{d4c816fe-4094-4f2e-8e3a-9ddc600d69a6}@Model 116
    Reg HKLM\SOFTWARE\Classes\CLSID\{d4c816fe-4094-4f2e-8e3a-9ddc600d69a6}@Therad 30
    Reg HKLM\SOFTWARE\Classes\CLSID\{d4c816fe-4094-4f2e-8e3a-9ddc600d69a6}@MData 0x2B 0x8F 0x78 0x29 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{e4b8c41d-4052-4cc9-a71b-05d54c820c40}@Model 120
    Reg HKLM\SOFTWARE\Classes\CLSID\{e4b8c41d-4052-4cc9-a71b-05d54c820c40}@Therad 28

    ---- EOF - GMER 1.0.15 ----

    MBRCHECK:
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 2000 Professional
    Windows Information: Service Pack 4 (build 2195)
    Logical Drives Mask: 0x0000000d

    Kernel Drivers (total 115):
    0x80400000 \WINNT\System32\ntoskrnl.exe
    0x80062000 \WINNT\System32\hal.dll
    0xEB810000 \WINNT\System32\BOOTVID.dll
    0xEB400000 cykbajc.sys
    0xBFF00000 sppb.sys
    0xBFEED000 \WINNT\System32\Drivers\SCSIPORT.SYS
    0xBFEC5000 ACPI.sys
    0xEB9C8000 \WINNT\System32\DRIVERS\WMILIB.SYS
    0xEB410000 pci.sys
    0xEB420000 isapnp.sys
    0xEB9C9000 pciide.sys
    0xEB680000 \WINNT\System32\DRIVERS\PCIIDEX.SYS
    0xEB688000 MountMgr.sys
    0xBFEA8000 ftdisk.sys
    0xEB900000 Diskperf.sys
    0xEB902000 dmload.sys
    0xBFE86000 dmio.sys
    0xEB814000 PartMgr.sys
    0xBFE70000 atapi.sys
    0xBFE53000 viamraid.sys
    0xEB690000 disk.sys
    0xEB430000 \WINNT\System32\DRIVERS\CLASSPNP.SYS
    0xBFE31000 fltmgr.sys
    0xEB440000 PxHelp20.sys
    0xBFE1F000 KSecDD.sys
    0xBFDA1000 Ntfs.sys
    0xBFD77000 NDIS.sys
    0xBFD61000 mup.sys
    0xEB470000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xBF971000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xEB480000 \SystemRoot\System32\DRIVERS\NC100A.sys
    0xEB6E8000 \SystemRoot\System32\DRIVERS\USBD.SYS
    0xEB6D0000 \SystemRoot\System32\DRIVERS\uhcd.sys
    0xBF8EA000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xEB6F8000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xEB700000 \SystemRoot\system32\drivers\Afc.sys
    0xEB9E1000 \SystemRoot\System32\Drivers\Cdr4_2K.SYS
    0xEB710000 \SystemRoot\System32\DRIVERS\cdrom.sys
    0xEB9E4000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
    0xEB718000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0xBF80E000 \SystemRoot\system32\drivers\KS.SYS
    0xBF82E000 \SystemRoot\system32\drivers\portcls.sys
    0xBF853000 \SystemRoot\system32\drivers\ALCXWDM.SYS
    0xBF7AC000 \SystemRoot\system32\drivers\ALCXSENS.SYS
    0xEB738000 \SystemRoot\System32\DRIVERS\fdc.sys
    0xEB490000 \SystemRoot\System32\DRIVERS\serial.sys
    0xEB890000 \SystemRoot\System32\DRIVERS\serenum.sys
    0xEB750000 \SystemRoot\System32\DRIVERS\parport.sys
    0xEB9EF000 \SystemRoot\System32\DRIVERS\audstub.sys
    0xEB4A0000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
    0xEB898000 \SystemRoot\System32\DRIVERS\ndistapi.sys
    0xBF795000 \SystemRoot\System32\DRIVERS\ndiswan.sys
    0xEB8A8000 \SystemRoot\System32\DRIVERS\TDI.SYS
    0xEB4B0000 \SystemRoot\System32\DRIVERS\raspptp.sys
    0xEB770000 \SystemRoot\System32\DRIVERS\ptilink.sys
    0xEB780000 \SystemRoot\System32\DRIVERS\raspti.sys
    0xEB4C0000 \SystemRoot\System32\DRIVERS\parallel.sys
    0xEB9F9000 \SystemRoot\System32\DRIVERS\swenum.sys
    0xBF742000 \SystemRoot\System32\DRIVERS\update.sys
    0xEB4D0000 \SystemRoot\System32\DRIVERS\usbhub.sys
    0xEB4E0000 \SystemRoot\system32\DRIVERS\usbhub20.sys
    0xEB7A8000 \SystemRoot\System32\DRIVERS\flpydisk.sys
    0xEB500000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xEB7B8000 \SystemRoot\System32\Drivers\EFS.SYS
    0xEB914000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xEBA06000 \SystemRoot\System32\Drivers\Null.SYS
    0xEBA08000 \SystemRoot\System32\Drivers\Beep.SYS
    0xEBA0A000 \SystemRoot\System32\Drivers\VIAPFD.SYS
    0xEB7D8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xEB7E8000 \SystemRoot\System32\DRIVERS\mouclass.sys
    0xEB7F8000 \SystemRoot\System32\DRIVERS\kbdclass.sys
    0xEB8E0000 \SystemRoot\System32\drivers\vga.sys
    0xEBA13000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xEB808000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xEB520000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xEB920000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xBE6B3000 \SystemRoot\System32\DRIVERS\tcpip.sys
    0xEB530000 \SystemRoot\System32\DRIVERS\msgpc.sys
    0xEB6B8000 \SystemRoot\System32\DRIVERS\wanarp.sys
    0xBE651000 \SystemRoot\System32\Drivers\avgtdix.sys
    0xBE626000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xEB540000 \SystemRoot\System32\DRIVERS\netbios.sys
    0xEB924000 \??\C:\WINNT\system32\speedfan.sys
    0xBE605000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
    0xEB6D8000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0xBE53B000 \SystemRoot\System32\DRIVERS\rdbss.sys
    0xEB6F0000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
    0xEB888000 \SystemRoot\System32\DRIVERS\hidusb.sys
    0xBE4C3000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
    0xEBA26000 \??\C:\WINNT\system32\giveio.sys
    0xEB894000 \SystemRoot\System32\DRIVERS\mouhid.sys
    0xEBA29000 \SystemRoot\System32\Drivers\BANTExt.sys
    0xEB730000 \SystemRoot\System32\Drivers\avgmfx86.sys
    0xBF791000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xBE48F000 \SystemRoot\System32\Drivers\avgldx86.sys
    0xEBA4D000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBE451000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xA0000000 \??\C:\WINNT\system32\win32k.sys
    0xBDE9C000 \SystemRoot\System32\nv4_disp.dll
    0xBDA44000 \SystemRoot\System32\drivers\afd.sys
    0xEB7A0000 \SystemRoot\System32\drivers\BrPar.sys
    0xEB964000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xBD9E2000 \SystemRoot\system32\drivers\wdmaud.sys
    0xBE585000 \SystemRoot\system32\drivers\sysaudio.sys
    0xEB630000 \SystemRoot\System32\Drivers\Fips.SYS
    0xBD8AA000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xEBABB000 \??\C:\WINNT\system32\drivers\hmonitor.sys
    0xEBAC7000 \??\C:\WINNT\system32\mbmiodrvr.sys
    0xBD757000 \SystemRoot\System32\DRIVERS\srv.sys
    0xBD6DF000 \??\C:\WINNT\system32\drivers\SECDRV.SYS
    0xBE5D5000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xBD30E000 \SystemRoot\System32\DRIVERS\ipnat.sys
    0xBD282000 \SystemRoot\System32\DRIVERS\ipsec.sys
    0xBC4BB000 \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdipow.sys
    0x77F80000 \WINNT\system32\NTDLL.DLL

    Processes (total 31):
    0 System Idle Process
    8 System
    168 \SystemRoot\System32\smss.exe
    192 CSRSS.EXE
    188 \??\C:\WINNT\system32\winlogon.exe
    240 C:\WINNT\system32\services.exe
    252 C:\WINNT\system32\lsass.exe
    428 C:\WINNT\system32\svchost.exe
    452 C:\WINNT\system32\spoolsv.exe
    484 C:\Program Files\AVG\AVG9\avgwdsvc.exe
    504 C:\WINNT\System32\svchost.exe
    580 C:\WINNT\system32\hidserv.exe
    620 C:\Program Files\AVG\AVG9\avgnsx.exe
    672 C:\Program Files\Java\jre6\bin\jqs.exe
    756 C:\WINNT\system32\nvsvc32.exe
    796 C:\WINNT\system32\regsvc.exe
    816 C:\WINNT\system32\MSTask.exe
    900 C:\WINNT\System32\tcpsvcs.exe
    940 C:\WINNT\System32\snmp.exe
    960 C:\WINNT\system32\stisvc.exe
    1020 C:\Program Files\VIA\RAID\vialogsv.exe
    1060 C:\WINNT\System32\WBEM\WinMgmt.exe
    1100 C:\Program Files\AVG\AVG9\avgemc.exe
    1512 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    824 C:\Program Files\AVG\AVG9\avgchsvx.exe
    792 C:\Program Files\AVG\AVG9\avgrsx.exe
    1552 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    1204 C:\WINNT\Explorer.EXE
    972 C:\PROGRA~1\AVG\AVG9\avgtray.exe
    1696 C:\Program Files\Mozilla Firefox\firefox.exe
    880 C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe

    WARNING: Unsupported Windows version! Results may not be accurate!
    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD1600JB-00GVA0, Rev: 08.02D08

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!

    DDS (2 logs):

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-10.01)

    Microsoft Windows 2000 Professional
    Boot Device: \Device\Harddisk0\Partition1
    Install Date:
    System Uptime: 11/13/2010 11:30:22 AM (6 hours ago)

    Motherboard: | | KT880-8237
    Processor: AMD Duron(tm) processor | Socket A | 1349/100mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 149 GiB total, 87.197 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
    Description: LT Win Modem
    Device ID: PCI\VEN_11C1&DEV_0440&SUBSYS_044011C1&REV_01\3&13C0B0C5&0&48
    Manufacturer: LT
    Name: LT Win Modem
    PNP Device ID: PCI\VEN_11C1&DEV_0440&SUBSYS_044011C1&REV_01\3&13C0B0C5&0&48
    Service: Modem

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    AC3Filter (remove only)
    Adobe AIR
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.6
    Adobe Shockwave Player 11.5
    Amelies Cafe Halloween
    Apple Software Update
    Apycom Java Menus and Buttons
    AVG Free 9.0
    Belarc Advisor 7.0
    Brother 1440
    Burger Bustle
    Cake Mania Lights-Camera-Action
    Casper XP
    CCleaner
    CEP - Color Enable Package
    Cradle of Rome
    CTIAPI32 (remove only)
    Data Lifeguard
    Deal or No Deal
    Direct Show Ogg Vorbis Filter (remove only)
    Dream Day True Love Beta
    Family Feud 2010 1.0.4
    Farm Craft 2 Global Vegetable Crisis
    Farm Frenzy - Gone Fishing
    Farm Frenzy 3 - Madagascar
    Farm Frenzy: Gone Fishing
    Flower Shop Big City Break
    Forgotten Lands The First Colony
    Hardware sensors monitor 4.2
    Haunted Domains
    Hotfix for MDAC 2.53 (KB911562)
    Hotfix for MDAC 2.53 (KB927779)
    ImgBurn (Remove Only)
    Islands
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Jessicas Cupcake Cafe
    Macromedia Shockwave Player
    Malwarebytes' Anti-Malware
    Micro Innovations Wireless Keyboard
    Micro Innovations Wireless Optical Mouse
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Word 2000
    Microsoft Works 2000
    Microsoft WSE 3.0 Runtime
    Microsoft XML Parser
    Motherboard Monitor 5
    Mozilla Firefox (3.6.12)
    MRU-Blaster v1.5 (Database 3/28/2004)
    My Kingdom for the Princess 2 CE
    Nero OEM
    neroxml
    NVIDIA Drivers
    Paint Shop Pro 7 ESD
    Plan N Plant
    Platform
    PowerDVD
    Press Your Luck 2010 1.0.2
    Quintessential Media Player
    Ranch Rush
    Realtek AC'97 Audio
    Roads of Rome
    Samurai Last Exam
    Security Update for CAPICOM (KB931906)
    Security Update for DirectX 9 (KB951698)
    Security Update for Windows 2000 (KB904706)
    Security Update for Windows 2000 (KB941569)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    SimPE 0.60b (alpha)
    Sims2Pack Clean Installer
    SIW version 2010.07.14
    SpeedFan (remove only)
    Spybot - Search & Destroy
    SpywareBlaster 4.2
    Startup Cop 1.1
    SUPERAntiSpyware Professional
    System Requirements Lab
    The Island - Castaway
    The Sims 2
    The Sims 2 Nightlife
    The Sims 2 Open For Business
    The Sims 2 University
    The Sims™ 2 Bon Voyage
    The Sims™ 2 Celebration! Stuff
    The Sims™ 2 Kitchen & Bath Interior Design Stuff
    The Sims™ 2 Seasons
    Tropical Mania
    Ultra AVI Converter 4.2.0909
    UltraISO Premium V9.12
    Update Rollup 1 for Windows 2000 SP4
    VC 9.0 Runtime
    VCRedistSetup
    VIA Platform Device Manager
    VLC media player 0.9.8a
    WebFldrs
    Westward III Gold Rush
    Windows 2000 Hotfix - KB842773
    Windows 2000 Hotfix - KB890046
    Windows 2000 Hotfix - KB893756
    Windows 2000 Hotfix - KB896358
    Windows 2000 Hotfix - KB896422
    Windows 2000 Hotfix - KB896423
    Windows 2000 Hotfix - KB896424
    Windows 2000 Hotfix - KB899587
    Windows 2000 Hotfix - KB899589
    Windows 2000 Hotfix - KB900725
    Windows 2000 Hotfix - KB901017
    Windows 2000 Hotfix - KB901214
    Windows 2000 Hotfix - KB902400
    Windows 2000 Hotfix - KB905414
    Windows 2000 Hotfix - KB905495
    Windows 2000 Hotfix - KB905749
    Windows 2000 Hotfix - KB908519
    Windows 2000 Hotfix - KB908523
    Windows 2000 Hotfix - KB908531
    Windows 2000 Hotfix - KB911280
    Windows 2000 Hotfix - KB911567
    Windows 2000 Hotfix - KB912812
    Windows 2000 Hotfix - KB912919
    Windows 2000 Hotfix - KB913580
    Windows 2000 Hotfix - KB914388
    Windows 2000 Hotfix - KB914389
    Windows 2000 Hotfix - KB917008
    Windows 2000 Hotfix - KB917422
    Windows 2000 Hotfix - KB917736
    Windows 2000 Hotfix - KB917953
    Windows 2000 Hotfix - KB918118
    Windows 2000 Hotfix - KB918899
    Windows 2000 Hotfix - KB920213
    Windows 2000 Hotfix - KB920670
    Windows 2000 Hotfix - KB920683
    Windows 2000 Hotfix - KB920685
    Windows 2000 Hotfix - KB920958
    Windows 2000 Hotfix - KB921398
    Windows 2000 Hotfix - KB921883
    Windows 2000 Hotfix - KB922582
    Windows 2000 Hotfix - KB922616
    Windows 2000 Hotfix - KB923191
    Windows 2000 Hotfix - KB923414
    Windows 2000 Hotfix - KB923810
    Windows 2000 Hotfix - KB923980
    Windows 2000 Hotfix - KB924191
    Windows 2000 Hotfix - KB924270
    Windows 2000 Hotfix - KB924667
    Windows 2000 Hotfix - KB925486
    Windows 2000 Hotfix - KB925902
    Windows 2000 Hotfix - KB926122
    Windows 2000 Hotfix - KB926436
    Windows 2000 Hotfix - KB927891
    Windows 2000 Hotfix - KB928843
    Windows 2000 Hotfix - KB930178
    Windows 2000 Hotfix - KB931784
    Windows 2000 Hotfix - KB933729
    Windows 2000 Hotfix - KB935839
    Windows 2000 Hotfix - KB935840
    Windows 2000 Hotfix - KB936021
    Windows 2000 Hotfix - KB937894
    Windows 2000 Hotfix - KB938464
    Windows 2000 Hotfix - KB938827
    Windows 2000 Hotfix - KB941693
    Windows 2000 Hotfix - KB943055
    Windows 2000 Hotfix - KB943485
    Windows 2000 Hotfix - KB944338
    Windows 2000 Hotfix - KB945553
    Windows 2000 Hotfix - KB948590
    Windows 2000 Hotfix - KB950749
    Windows 2000 Hotfix - KB950974
    Windows 2000 Hotfix - KB951066
    Windows 2000 Hotfix - KB951748
    Windows 2000 Hotfix - KB952954
    Windows 2000 Hotfix - KB953838
    Windows 2000 Hotfix - KB953839
    Windows 2000 Hotfix (SP4) KB810217
    Windows 2000 Hotfix (SP4) KB822679
    Windows Installer 3.1 (KB893803)
    Windows Installer Clean Up
    Windows Media Player system update (9 Series)
    Winferno Registry Power Cleaner
    WinRAR archiver
    WinZip
    World Class Solitaire
    Yahoo! Messenger

    ==== End Of File ===========================



    Thanks in advance to anyone who can help me figure this problem out!
     
  2. 2010/11/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, do NOT create 5 topics about the very same issue!
    It told you to wait for staff approval.

    Now...welcome aboard :)

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/


    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    • Close SUPERAntiSpyware.
    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    • Open SUPERAntiSpyware.
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.

    Post SUPERAntiSpyware log.
     
    Last edited: 2010/11/14

  4. 2010/11/13
    brwneyez

    brwneyez Inactive Thread Starter

    Joined:
    2010/11/13
    Messages:
    19
    Likes Received:
    0
    I am so sorry about the 5 different topics. I had no idea that happened as it didn't appear to go through but the one time.
    I have tried 3 different times using the F8 key to get my computer into Safe Mode to run the SUPERAntiSpyware program but it will not let me go into Safe Mode. When I press the F8 key it just ignores that and keeps booting up as normal. Can I run the scan without it being in Safe Mode and still get a good log for you to look at? Thanks for your help.
     
  5. 2010/11/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Let's try something else...

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2010/11/13
    brwneyez

    brwneyez Inactive Thread Starter

    Joined:
    2010/11/13
    Messages:
    19
    Likes Received:
    0
    ComboFix 10-11-12.06 - Administrator 11/13/2010 21:55:58.2.1 - x86
    Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.767.375 [GMT -5:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    .
    /wow section - STAGE 10


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Administrator\Application Data\.#
    c:\documents and settings\Administrator\Application Data\.#\MBX@288@DC41A0.###
    c:\documents and settings\Administrator\Application Data\.#\MBX@288@DC41D0.###
    c:\documents and settings\Administrator\Application Data\.#\MBX@288@DC4200.###
    c:\documents and settings\Administrator\Application Data\.#\MBX@664@DC41A0.###
    c:\documents and settings\Administrator\Application Data\.#\MBX@664@DC41D0.###
    c:\documents and settings\Administrator\Application Data\.#\MBX@664@DC4200.###
    c:\documents and settings\Administrator\Application Data\.#\MBX@698@D54160.###
    c:\documents and settings\Administrator\Application Data\.#\MBX@698@D54190.###
    c:\documents and settings\Administrator\Application Data\.#\MBX@698@D541C0.###
    c:\documents and settings\Administrator\Application Data\.#\MBX@720@DC41A0.###
    c:\documents and settings\Administrator\Application Data\.#\MBX@720@DC41D0.###
    c:\documents and settings\Administrator\Application Data\.#\MBX@720@DC4200.###
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\winnt\system32\spool\prtprocs\w32x86\BRPPROC.DLL
    c:\winnt\Web\default.htt

    ----- BITS: Possible infected sites -----

    hxxp://www.graboid.com
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_SSHNAS
    -------\Legacy_TNIDRIVER
    -------\Legacy_ZESOFT


    ((((((((((((((((((((((((( Files Created from 2010-10-14 to 2010-11-14 )))))))))))))))))))))))))))))))
    .

    2010-11-13 21:14 . 2010-11-13 21:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-11-13 21:14 . 2010-04-29 20:39 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
    2010-11-13 21:14 . 2010-11-13 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-11-13 21:14 . 2010-11-13 21:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-13 21:14 . 2010-04-29 20:39 19288 ----a-w- c:\winnt\system32\drivers\mbam.sys
    2010-11-13 20:31 . 2010-11-13 20:31 -------- d-----w- c:\program files\SIW
    2010-11-11 01:19 . 2010-11-11 01:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Cateia Games
    2010-11-10 20:11 . 2010-11-10 20:11 -------- d-----w- c:\program files\Tropical Mania
    2010-11-10 06:28 . 2010-11-10 06:28 -------- d-----w- c:\program files\Global Star
    2010-11-03 16:16 . 2010-11-03 16:16 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\sowhat
    2010-11-02 03:23 . 2010-11-02 03:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Islands
    2010-10-31 18:13 . 2010-10-31 21:58 -------- d-----w- c:\program files\Sims2Pack Clean Installer
    2010-10-31 17:33 . 2010-10-31 17:33 669002 ----a-w- c:\winnt\unins000.exe
    2010-10-29 21:46 . 2010-10-29 21:46 -------- d-----w- c:\documents and settings\Administrator\Saved Games
    2010-10-29 21:39 . 2010-10-29 21:39 -------- d-----w- c:\program files\Oberon
    2010-10-26 19:50 . 2010-10-26 19:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Jane s Hotel 3
    2010-10-24 20:00 . 2010-10-24 20:00 -------- d-----w- c:\program files\Forgotten Lands The First Colony
    2010-10-23 21:21 . 2010-10-23 21:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\ERS Game Studios
    2010-10-22 17:14 . 2010-10-22 17:14 295928 ----a-w- c:\winnt\Rare Treasures - Dinnerware Trading Company Uninstaller.exe
    2010-10-21 16:57 . 2010-10-21 16:57 159934 ----a-w- c:\winnt\Amelies Cafe Halloween Uninstaller.exe
    2010-10-21 16:57 . 2010-10-21 16:57 -------- d-----w- c:\program files\Amelies Cafe Halloween
    2010-10-20 21:03 . 2010-10-20 21:04 -------- d-----w- c:\program files\Haunted Domains
    2010-10-15 20:49 . 2010-10-15 23:55 -------- d-----w- c:\program files\EA GAMES

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-25 15:38 . 2008-03-25 13:31 6488064 ----a-w- c:\program files\Westward2.exe
    2008-03-23 06:40 . 2008-03-25 13:31 262144 ----a-w- c:\program files\wrap_oal.dll
    2008-03-23 06:40 . 2008-03-25 13:31 258352 ----a-w- c:\program files\unicows.dll
    2008-03-23 06:40 . 2008-03-25 13:31 86016 ----a-w- c:\program files\OpenAL32.dll
    2008-03-19 05:52 . 2008-03-23 02:18 1699840 ----a-w- c:\program files\IceCream_Mania.exe
    2008-03-19 00:08 . 2008-03-23 02:18 94208 ----a-w- c:\program files\j2k-codec.dll
    2008-03-19 00:08 . 2008-03-23 02:18 93696 ----a-w- c:\program files\j2k-control.dll
    2008-03-19 00:08 . 2008-03-23 02:18 92216 ----a-w- c:\program files\bass.dll
    2008-02-15 00:45 . 2008-02-15 00:45 356 ----a-w- c:\program files\CardGames2007LocalPref.bin
    2008-02-15 00:40 . 2008-02-15 00:40 1024 ----a-w- c:\program files\LocalNotes.bin
    2008-02-15 00:38 . 2008-02-15 00:35 116 ----a-w- c:\program files\LocalPref.bin
    2008-11-21 21:45 . 2008-11-21 21:45 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
    2008-11-21 21:45 . 2008-11-21 21:45 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
    2008-11-21 21:45 . 2008-11-21 21:45 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
    .

    ------- Sigcheck -------

    [-] 2002-11-27 00:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [ERROR: 0x0] . . c:\winnt\system32\mspmsnsv.dll

    [-] 2004-07-09 09:27 . 0E51BD586D186F61A9E4453DB8AEC774 . 1703936 . . [ERROR: 0x0] . . c:\winnt\system32\d3d9.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2006-10-22 7700480]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-06-19 186640]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2009-02-07 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-02-07 02:41 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-07-15 13:51 12536 ----a-w- c:\winnt\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-10-15 05:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cacaoweb]
    2010-11-09 17:19 333824 ----a-w- c:\documents and settings\Administrator\Application Data\cacaoweb\cacaoweb.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    "SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" -silent
    "cacaoweb"="c:\documents and settings\Administrator\Application Data\cacaoweb\cacaoweb.exe" -noplayer

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Synchronization Manager"=mobsync.exe /logon
    "NeroFilterCheck"=c:\winnt\system32\NeroCheck.exe
    "NvCplDaemon"=RUNDLL32.EXE c:\winnt\system32\NvCpl.dll,NvStartup
    "nwiz"=nwiz.exe /install
    "NvMediaCenter"=RUNDLL32.EXE c:\winnt\system32\NvMcTray.dll,NvTaskbarInit
    "SoundMan"=SOUNDMAN.EXE
    "AVG7_CC"=c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    "AVG7_EMC"=c:\progra~1\Grisoft\AVGFRE~1\avgemc.exe
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "OFFICEKB"=c:\program files\Micro Innovations\Keyboard\kbdap32a.EXE
    "FLMOFFICE4DMOUSE"=c:\program files\Micro Innovations\Mouse\mouse32a.exe
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "AVG9_TRAY"=c:\progra~1\AVG\AVG9\avgtray.exe

    R0 sptd;sptd;c:\winnt\system32\drivers\sptd.sys [10/17/2007 11:23 PM 717296]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\winnt\system32\drivers\avgldx86.sys [9/13/2008 4:01 PM 216400]
    R1 AvgTdiX;AVG Free Network Redirector;c:\winnt\system32\drivers\avgtdix.sys [9/13/2008 4:01 PM 243024]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/6/2008 11:58 AM 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/6/2008 11:58 AM 55024]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/15/2010 8:50 AM 921952]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 8:51 AM 308136]
    R2 Iprip;RIP Listener;c:\winnt\System32\svchost.exe -k netsvcs [7/24/2002 7:00 AM 7952]
    R2 VRAID Log Service;VRAID Log Service;c:\program files\VIA\RAID\vialogsv.exe [2/13/2009 9:08 PM 52888]
    R3 NC100;Network Everywhere Fast Ethernet Adapter(NC100 v2);c:\winnt\system32\drivers\NC100A.sys [2/12/2009 9:05 PM 35013]
    R3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [1/15/2003 10:46 AM 49776]
    S3 3dfxvs;3dfxvs;c:\winnt\system32\drivers\3dfxvsm.sys [11/2/2000 1:00 PM 169840]
    S3 krdpdre;krdpdre; [x]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 4096]
    S3 viafilter;VIA USB Filter;c:\winnt\system32\drivers\viausb.sys [12/2/2003 11:16 PM 9038]
    S3 voodoo3;voodoo3;c:\winnt\system32\drivers\voodoo3.sys [12/2/2003 6:00 PM 53008]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL =
    mStart Page = hxxp://www.yahoo.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = 127.0.0.1
    uSearchAssistant =
    uCustomizeSearch =
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    LSP: %SystemRoot%\system32\msafd.dll
    DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ol14scpp.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.wunderground.com/cgi-bin/findweather/getForecast?query=24375
    FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ol14scpp.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ol14scpp.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--fiqz9s ", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--fiqs8s ", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--j6w193g ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4a87g ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbqly7c0a67fbc ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbqly7cvafr ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--kpry57d ", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--kprw13d ", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    .
    - - - - ORPHANS REMOVED - - - -

    Notify-ddcAtssR - ddcAtssR.dll
    SafeBoot-AVG Anti-Spyware Driver
    SafeBoot-AVG Anti-Spyware Guard



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-13 22:15
    Windows 5.0.2195 Service Pack 4 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-220523388-746137067-1343024091-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "?? "=hex:63,6b,07,36,f6,71,68,5b,d1,04,27,18,05,34,2f,ec,06,c5,7f,16,11,9b,ce,
    da,35,fd,d9,e4,3c,10,06,f1,04,c4,78,c4,00,f1,18,15,33,8a,9a,61,9b,9d,db,fc,\
    "?? "=hex:8d,0b,2c,a9,81,3f,a2,55,9a,e1,35,6d,1d,30,fb,40

    [HKEY_USERS\S-1-5-21-220523388-746137067-1343024091-500\Software\SecuROM\License information*]
    "datasecu "=hex:d9,82,bc,4a,e2,96,41,77,94,67,02,37,9b,6d,16,d1,43,18,cb,7d,37,
    49,d5,a4,84,40,dc,90,1a,6f,93,e3,3c,b1,64,4e,4f,a1,70,22,4d,88,e9,fd,1a,cd,\
    "rkeysecu "=hex:aa,86,95,f2,f0,ac,81,54,9c,6e,27,dd,c8,d3,82,74

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    "scansk "=hex(0):75,09,73,71,79,b2,f0,d8,ff,a6,fc,14,90,05,8b,2f,31,97,66,ef,fd,
    9c,e7,ff,4f,b7,5f,98,19,4c,c8,6f,b0,3f,e2,9c,d1,90,b7,95,00,00,00,00,00,00,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk "=hex(0):e2,0b,ec,42,62,2d,40,ff,41,38,8d,7c,5c,e5,3d,96,f1,36,b2,ac,ae,
    b2,ed,cb,22,0c,90,a2,79,01,f6,6f,e2,ab,6b,59,4e,78,6a,40,00,00,00,00,00,00,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{d4c816fe-4094-4f2e-8e3a-9ddc600d69a6}]
    @Denied: (Full) (Everyone)
    "Model "=dword:00000074
    "Therad "=dword:0000001e
    "MData "=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
    38,95,44,02,44,ed,f3,d4,9c,7e,a0,20,77,a6,2f,9d,ea,c2,a7,c1,e1,98,fb,56,da,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e4b8c41d-4052-4cc9-a71b-05d54c820c40}]
    @Denied: (Full) (Everyone)
    "Model "=dword:00000078
    "Therad "=dword:0000001c

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(188)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\winnt\system32\mobgra64.dll
    c:\winnt\system32\wzcdlg.dll
    c:\winnt\system32\WZCSAPI.DLL

    - - - - - - - > 'explorer.exe'(308)
    c:\winnt\AppPatch\AcLayers.DLL
    c:\winnt\system32\mobgra64.dll
    c:\winnt\system32\gepwxi64.dll
    c:\winnt\system32\SHDOCVW.DLL
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\winnt\system32\hidserv.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\winnt\system32\nvsvc32.exe
    c:\winnt\system32\regsvc.exe
    c:\winnt\system32\MSTask.exe
    c:\winnt\System32\tcpsvcs.exe
    c:\winnt\System32\snmp.exe
    c:\winnt\system32\stisvc.exe
    c:\winnt\System32\WBEM\WinMgmt.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    .
    **************************************************************************
    .
    Completion time: 2010-11-13 22:20:41 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-11-14 03:20
    ComboFix2.txt 2007-10-31 01:52

    Pre-Run: 92,773,273,600 bytes free
    Post-Run: 92,724,600,832 bytes free

    - - End Of File - - DF91BB42D532C3CD65BD383F89A30B17
     
  7. 2010/11/14
    broni

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Folder::
    c:\documents and settings\Administrator\Application Data\cacaoweb
    
    
    Driver::
    krdpdre
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cacaoweb]
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  8. 2010/11/14
    brwneyez

    ComboFix 10-11-12.06 - Administrator 11/14/2010 10:15:11.3.1 - x86
    Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.767.473 [GMT -5:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
    .
    /wow section - STAGE 10


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Administrator\Application Data\cacaoweb
    c:\documents and settings\Administrator\Application Data\cacaoweb\cacaoweb.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_KRDPDRE
    -------\Service_krdpdre


    ((((((((((((((((((((((((( Files Created from 2010-10-14 to 2010-11-14 )))))))))))))))))))))))))))))))
    .

    2010-11-13 21:14 . 2010-11-13 21:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-11-13 21:14 . 2010-04-29 20:39 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
    2010-11-13 21:14 . 2010-11-13 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-11-13 21:14 . 2010-11-13 21:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-13 21:14 . 2010-04-29 20:39 19288 ----a-w- c:\winnt\system32\drivers\mbam.sys
    2010-11-13 20:31 . 2010-11-13 20:31 -------- d-----w- c:\program files\SIW
    2010-11-11 01:19 . 2010-11-11 01:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Cateia Games
    2010-11-10 20:11 . 2010-11-10 20:11 -------- d-----w- c:\program files\Tropical Mania
    2010-11-10 06:28 . 2010-11-10 06:28 -------- d-----w- c:\program files\Global Star
    2010-11-03 16:16 . 2010-11-03 16:16 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\sowhat
    2010-11-02 03:23 . 2010-11-02 03:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Islands
    2010-10-31 18:13 . 2010-10-31 21:58 -------- d-----w- c:\program files\Sims2Pack Clean Installer
    2010-10-31 17:33 . 2010-10-31 17:33 669002 ----a-w- c:\winnt\unins000.exe
    2010-10-29 21:46 . 2010-10-29 21:46 -------- d-----w- c:\documents and settings\Administrator\Saved Games
    2010-10-29 21:39 . 2010-10-29 21:39 -------- d-----w- c:\program files\Oberon
    2010-10-26 19:50 . 2010-10-26 19:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Jane s Hotel 3
    2010-10-24 20:00 . 2010-10-24 20:00 -------- d-----w- c:\program files\Forgotten Lands The First Colony
    2010-10-23 21:21 . 2010-10-23 21:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\ERS Game Studios
    2010-10-22 17:14 . 2010-10-22 17:14 295928 ----a-w- c:\winnt\Rare Treasures - Dinnerware Trading Company Uninstaller.exe
    2010-10-21 16:57 . 2010-10-21 16:57 159934 ----a-w- c:\winnt\Amelies Cafe Halloween Uninstaller.exe
    2010-10-21 16:57 . 2010-10-21 16:57 -------- d-----w- c:\program files\Amelies Cafe Halloween
    2010-10-20 21:03 . 2010-10-20 21:04 -------- d-----w- c:\program files\Haunted Domains
    2010-10-15 20:49 . 2010-10-15 23:55 -------- d-----w- c:\program files\EA GAMES

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-25 15:38 . 2008-03-25 13:31 6488064 ----a-w- c:\program files\Westward2.exe
    2008-03-23 06:40 . 2008-03-25 13:31 262144 ----a-w- c:\program files\wrap_oal.dll
    2008-03-23 06:40 . 2008-03-25 13:31 258352 ----a-w- c:\program files\unicows.dll
    2008-03-23 06:40 . 2008-03-25 13:31 86016 ----a-w- c:\program files\OpenAL32.dll
    2008-03-19 05:52 . 2008-03-23 02:18 1699840 ----a-w- c:\program files\IceCream_Mania.exe
    2008-03-19 00:08 . 2008-03-23 02:18 94208 ----a-w- c:\program files\j2k-codec.dll
    2008-03-19 00:08 . 2008-03-23 02:18 93696 ----a-w- c:\program files\j2k-control.dll
    2008-03-19 00:08 . 2008-03-23 02:18 92216 ----a-w- c:\program files\bass.dll
    2008-02-15 00:45 . 2008-02-15 00:45 356 ----a-w- c:\program files\CardGames2007LocalPref.bin
    2008-02-15 00:40 . 2008-02-15 00:40 1024 ----a-w- c:\program files\LocalNotes.bin
    2008-02-15 00:38 . 2008-02-15 00:35 116 ----a-w- c:\program files\LocalPref.bin
    2008-11-21 21:45 . 2008-11-21 21:45 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
    2008-11-21 21:45 . 2008-11-21 21:45 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
    2008-11-21 21:45 . 2008-11-21 21:45 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
    .

    ------- Sigcheck -------

    [-] 2002-11-27 00:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [ERROR: 0x0] . . c:\winnt\system32\mspmsnsv.dll

    [-] 2004-07-09 09:27 . 0E51BD586D186F61A9E4453DB8AEC774 . 1703936 . . [ERROR: 0x0] . . c:\winnt\system32\d3d9.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2010-11-14_03.15.24 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-11-14 15:08 . 2010-11-14 15:08 16384 c:\winnt\system32\Perflib_Perfdata_388.dat
    + 2010-11-14 15:27 . 2010-11-14 15:27 16384 c:\winnt\system32\Perflib_Perfdata_27c.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "c:\winnt\system32\NvCpl.dll" [2006-10-22 7700480]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "^SetupICWDesktop "= "c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-06-19 186640]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2009-02-07 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-02-07 02:41 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-07-15 13:51 12536 ----a-w- c:\winnt\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-10-15 05:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Yahoo! Pager "= "c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    "SUPERAntiSpyware "=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    "EA Core "= "c:\program files\Electronic Arts\EADM\Core.exe" -silent
    "cacaoweb "= "c:\documents and settings\Administrator\Application Data\cacaoweb\cacaoweb.exe" -noplayer

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Synchronization Manager "=mobsync.exe /logon
    "NeroFilterCheck "=c:\winnt\system32\NeroCheck.exe
    "NvCplDaemon "=RUNDLL32.EXE c:\winnt\system32\NvCpl.dll,NvStartup
    "nwiz "=nwiz.exe /install
    "NvMediaCenter "=RUNDLL32.EXE c:\winnt\system32\NvMcTray.dll,NvTaskbarInit
    "SoundMan "=SOUNDMAN.EXE
    "AVG7_CC "=c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    "AVG7_EMC "=c:\progra~1\Grisoft\AVGFRE~1\avgemc.exe
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe "
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" -atboottime
    "OFFICEKB "=c:\program files\Micro Innovations\Keyboard\kbdap32a.EXE
    "FLMOFFICE4DMOUSE "=c:\program files\Micro Innovations\Mouse\mouse32a.exe
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe "
    "PWRISOVM.EXE "=c:\program files\PowerISO\PWRISOVM.EXE
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    "AVG9_TRAY "=c:\progra~1\AVG\AVG9\avgtray.exe

    R0 sptd;sptd;c:\winnt\system32\drivers\sptd.sys [10/17/2007 11:23 PM 717296]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\winnt\system32\drivers\avgldx86.sys [9/13/2008 4:01 PM 216400]
    R1 AvgTdiX;AVG Free Network Redirector;c:\winnt\system32\drivers\avgtdix.sys [9/13/2008 4:01 PM 243024]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/6/2008 11:58 AM 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/6/2008 11:58 AM 55024]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/15/2010 8:50 AM 921952]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 8:51 AM 308136]
    R2 Iprip;RIP Listener;c:\winnt\System32\svchost.exe -k netsvcs [7/24/2002 7:00 AM 7952]
    R2 VRAID Log Service;VRAID Log Service;c:\program files\VIA\RAID\vialogsv.exe [2/13/2009 9:08 PM 52888]
    R3 NC100;Network Everywhere Fast Ethernet Adapter(NC100 v2);c:\winnt\system32\drivers\NC100A.sys [2/12/2009 9:05 PM 35013]
    R3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [1/15/2003 10:46 AM 49776]
    S3 3dfxvs;3dfxvs;c:\winnt\system32\drivers\3dfxvsm.sys [11/2/2000 1:00 PM 169840]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 4096]
    S3 viafilter;VIA USB Filter;c:\winnt\system32\drivers\viausb.sys [12/2/2003 11:16 PM 9038]
    S3 voodoo3;voodoo3;c:\winnt\system32\drivers\voodoo3.sys [12/2/2003 6:00 PM 53008]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL =
    mStart Page = hxxp://www.yahoo.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = 127.0.0.1
    uSearchAssistant =
    uCustomizeSearch =
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    LSP: %SystemRoot%\system32\msafd.dll
    DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ol14scpp.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.wunderground.com/cgi-bin/findweather/getForecast?query=24375
    FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ol14scpp.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ol14scpp.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--fiqz9s ", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--fiqs8s ", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--j6w193g ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4a87g ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbqly7c0a67fbc ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbqly7cvafr ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--kpry57d ", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--kprw13d ", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-14 10:30
    Windows 5.0.2195 Service Pack 4 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-220523388-746137067-1343024091-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "?? "=hex:63,6b,07,36,f6,71,68,5b,d1,04,27,18,05,34,2f,ec,06,c5,7f,16,11,9b,ce,
    da,35,fd,d9,e4,3c,10,06,f1,04,c4,78,c4,00,f1,18,15,33,8a,9a,61,9b,9d,db,fc,\
    "?? "=hex:8d,0b,2c,a9,81,3f,a2,55,9a,e1,35,6d,1d,30,fb,40

    [HKEY_USERS\S-1-5-21-220523388-746137067-1343024091-500\Software\SecuROM\License information*]
    "datasecu "=hex:d9,82,bc,4a,e2,96,41,77,94,67,02,37,9b,6d,16,d1,43,18,cb,7d,37,
    49,d5,a4,84,40,dc,90,1a,6f,93,e3,3c,b1,64,4e,4f,a1,70,22,4d,88,e9,fd,1a,cd,\
    "rkeysecu "=hex:aa,86,95,f2,f0,ac,81,54,9c,6e,27,dd,c8,d3,82,74

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    "scansk "=hex(0):75,09,73,71,79,b2,f0,d8,ff,a6,fc,14,90,05,8b,2f,31,97,66,ef,fd,
    9c,e7,ff,4f,b7,5f,98,19,4c,c8,6f,b0,3f,e2,9c,d1,90,b7,95,00,00,00,00,00,00,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk "=hex(0):e2,0b,ec,42,62,2d,40,ff,41,38,8d,7c,5c,e5,3d,96,f1,36,b2,ac,ae,
    b2,ed,cb,22,0c,90,a2,79,01,f6,6f,e2,ab,6b,59,4e,78,6a,40,00,00,00,00,00,00,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{d4c816fe-4094-4f2e-8e3a-9ddc600d69a6}]
    @Denied: (Full) (Everyone)
    "Model "=dword:00000074
    "Therad "=dword:0000001e
    "MData "=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
    38,95,44,02,44,ed,f3,d4,9c,7e,a0,20,77,a6,2f,9d,ea,c2,a7,c1,e1,98,fb,56,da,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e4b8c41d-4052-4cc9-a71b-05d54c820c40}]
    @Denied: (Full) (Everyone)
    "Model "=dword:00000078
    "Therad "=dword:0000001c

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(188)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\winnt\system32\mobgra64.dll
    c:\winnt\system32\wzcdlg.dll
    c:\winnt\system32\WZCSAPI.DLL

    - - - - - - - > 'explorer.exe'(1084)
    c:\winnt\AppPatch\AcLayers.DLL
    c:\winnt\system32\mobgra64.dll
    c:\winnt\system32\gepwxi64.dll
    c:\winnt\system32\SHDOCVW.DLL
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\winnt\system32\hidserv.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\winnt\system32\nvsvc32.exe
    c:\winnt\system32\regsvc.exe
    c:\winnt\system32\MSTask.exe
    c:\winnt\System32\tcpsvcs.exe
    c:\winnt\System32\snmp.exe
    c:\winnt\system32\stisvc.exe
    c:\winnt\System32\WBEM\WinMgmt.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    .
    **************************************************************************
    .
    Completion time: 2010-11-14 10:34:54 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-11-14 15:34
    ComboFix2.txt 2010-11-14 03:20
    ComboFix3.txt 2007-10-31 01:52

    Pre-Run: 92,742,017,024 bytes free
    Post-Run: 92,719,153,152 bytes free

    - - End Of File - - 2F40756AAC4C4CC90383DD5EC22ABF96
     
  9. 2010/11/14
    broni

    Good :)

    How is computer doing? Still any errors?
    Can you access Safe Mode now?
     
  10. 2010/11/14
    brwneyez

    I still can't access Safe Mode and I am still getting the ActiveX error when I try to open any folder on my Desktop.
     
  11. 2010/11/14
    broni

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. 2010/11/14
    brwneyez

    brwneyez Inactive Thread Starter

    OTL Extras logfile created on: 11/14/2010 4:38:25 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2800.1106)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    767.00 Mb Total Physical Memory | 490.00 Mb Available Physical Memory | 64.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1150 1150 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 86.36 Gb Free Space | 57.94% Space Free | Partition Type: NTFS

    Computer Name: HOME | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    https [open] -- Reg Error: Value error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- %1
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000
    "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{125B04E8-BD3B-4A9E-9887-6A366EBFEA19}" = Samurai Last Exam
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{243FA669-BEA1-4FD7-906F-DAF000D6B33A}" = Casper XP
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{2A1A80FB-8ACA-4215-B8EE-A1D1DE15B7DA}" = Burger Bustle
    "{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{3B35D4FD-AB46-42AE-813A-E8AA81DE67D3}" = Farm Frenzy - Gone Fishing
    "{492724FC-3B26-46B4-824F-3CE2722D9AA0}" = Apple Software Update
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{51A11709-4EEB-4F0A-98D2-7570AC9C5E48}" = World Class Solitaire
    "{56364334-9530-11D2-BFFC-00C04FA329AA}" = Microsoft Works 2000
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5752146D-4C7C-4C9A-8208-C850A4ECB501}" = Roads of Rome
    "{5CB7D1BC-F5CD-4644-957C-D65D5FD671BB}" = The Island - Castaway
    "{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = The Sims™ 2 Kitchen & Bath Interior Design Stuff
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6F716D8C-398F-11D3-85E1-005004838609}" = WebFldrs
    "{799573C4-EBD9-46E5-ADB7-EEA1A03E872A}" = Farm Frenzy 3 - Madagascar
    "{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112190553}" = Cradle of Rome
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
    "{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.07.14
    "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
    "{B1A91DFF-5CF6-4DB3-882D-F59BC4D4669F}" = Plan N Plant
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
    "{BA9BD539-C303-4670-9301-10C055232655}" = Cake Mania Lights-Camera-Action
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
    "{CEA0BA90-DED4-169F-BA18-D9F57E43E6AD}" = Deal or No Deal
    "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
    "{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 ESD
    "{DF25BE89-211F-4E77-BF57-8399304DDA5F}" = Flower Shop Big City Break
    "{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
    "{E0534488-8A7C-4341-A9F0-09BFC739D884}" = My Kingdom for the Princess 2 CE
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = The Sims™ 2 Celebration! Stuff
    "{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
    "{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "AC3Filter" = AC3Filter (remove only)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Amelies Cafe Halloween" = Amelies Cafe Halloween
    "Apycom Java Menus and Buttons" = Apycom Java Menus and Buttons
    "AVG9Uninstall" = AVG Free 9.0
    "Belarc Advisor 2.0" = Belarc Advisor 7.0
    "Brother 1440" = Brother 1440
    "CCleaner" = CCleaner
    "CEP - Colour Enable Packages_is1" = CEP - Color Enable Package
    "CTIAPI32" = CTIAPI32 (remove only)
    "Dream Day True Love Beta" = Dream Day True Love Beta
    "Family Feud 2010" = Family Feud 2010 1.0.4
    "Farm Craft 2 Global Vegetable Crisis_is1" = Farm Craft 2 Global Vegetable Crisis
    "Farm Frenzy: Gone Fishing" = Farm Frenzy: Gone Fishing
    "Forgotten Lands The First Colony1.0" = Forgotten Lands The First Colony
    "Hardware sensors monitor 4.2_is1" = Hardware sensors monitor 4.2
    "Haunted Domains" = Haunted Domains
    "ImgBurn" = ImgBurn (Remove Only)
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "Islands_is1" = Islands
    "Jessicas Cupcake Cafe_is1" = Jessicas Cupcake Cafe
    "Macromedia Shockwave Player" = Macromedia Shockwave Player
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Micro Innovations Wireless Keyboard" = Micro Innovations Wireless Keyboard
    "Micro Innovations Wireless Optical Mouse" = Micro Innovations Wireless Optical Mouse
    "Motherboard Monitor 5_is1" = Motherboard Monitor 5
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "MRU-Blaster_is1" = MRU-Blaster v1.5 (Database 3/28/2004)
    "Nero - Burning Rom!UninstallKey" = Nero OEM
    "NVIDIA Drivers" = NVIDIA Drivers
    "OggDS" = Direct Show Ogg Vorbis Filter (remove only)
    "PC Magazine's Startup Cop_is1" = Startup Cop 1.1
    "Press Your Luck 2010" = Press Your Luck 2010 1.0.2
    "Quintessential Media Player" = Quintessential Media Player
    "Ranch Rush_is1" = Ranch Rush
    "RegPowerClean2006_is1" = Winferno Registry Power Cleaner
    "SimPE_is1" = SimPE 0.60b (alpha)
    "Sims2Pack Clean Installer " = Sims2Pack Clean Installer
    "SpeedFan" = SpeedFan (remove only)
    "SpywareBlaster_is1" = SpywareBlaster 4.2
    "SystemRequirementsLab" = System Requirements Lab
    "Tropical Mania" = Tropical Mania
    "Ultra AVI Converter_is1" = Ultra AVI Converter 4.2.0909
    "UltraISO_is1" = UltraISO Premium V9.12
    "Update Rollup 1" = Update Rollup 1 for Windows 2000 SP4
    "VLC media player" = VLC media player 0.9.8a
    "Westward III Gold Rush1.000" = Westward III Gold Rush
    "WinRAR archiver" = WinRAR archiver
    "WinZip" = WinZip
    "WMP7" = Windows Media Player system update (9 Series)
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/13/2010 8:09:36 PM | Computer Name = HOME | Source = Perflib | ID = 2002
    Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll "
    has taken longer than the established wait time to complete. There may be a problem
    with this extensible counter or the service it is collecting data from or the system
    may have been very busy when this call was attempted.

    Error - 11/13/2010 8:19:09 PM | Computer Name = HOME | Source = Perflib | ID = 2002
    Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll "
    has taken longer than the established wait time to complete. There may be a problem
    with this extensible counter or the service it is collecting data from or the system
    may have been very busy when this call was attempted.

    Error - 11/13/2010 9:51:57 PM | Computer Name = HOME | Source = Perflib | ID = 2002
    Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll "
    has taken longer than the established wait time to complete. There may be a problem
    with this extensible counter or the service it is collecting data from or the system
    may have been very busy when this call was attempted.

    Error - 11/13/2010 9:54:22 PM | Computer Name = HOME | Source = Perflib | ID = 2002
    Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll "
    has taken longer than the established wait time to complete. There may be a problem
    with this extensible counter or the service it is collecting data from or the system
    may have been very busy when this call was attempted.

    Error - 11/13/2010 10:12:08 PM | Computer Name = HOME | Source = Perflib | ID = 2002
    Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll "
    has taken longer than the established wait time to complete. There may be a problem
    with this extensible counter or the service it is collecting data from or the system
    may have been very busy when this call was attempted.

    Error - 11/13/2010 10:47:43 PM | Computer Name = HOME | Source = Perflib | ID = 2002
    Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll "
    has taken longer than the established wait time to complete. There may be a problem
    with this extensible counter or the service it is collecting data from or the system
    may have been very busy when this call was attempted.

    Error - 11/13/2010 11:10:19 PM | Computer Name = HOME | Source = Perflib | ID = 2002
    Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll "
    has taken longer than the established wait time to complete. There may be a problem
    with this extensible counter or the service it is collecting data from or the system
    may have been very busy when this call was attempted.

    Error - 11/14/2010 11:07:54 AM | Computer Name = HOME | Source = Perflib | ID = 2002
    Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll "
    has taken longer than the established wait time to complete. There may be a problem
    with this extensible counter or the service it is collecting data from or the system
    may have been very busy when this call was attempted.

    Error - 11/14/2010 11:27:56 AM | Computer Name = HOME | Source = Perflib | ID = 2002
    Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll "
    has taken longer than the established wait time to complete. There may be a problem
    with this extensible counter or the service it is collecting data from or the system
    may have been very busy when this call was attempted.

    Error - 11/14/2010 5:14:34 PM | Computer Name = HOME | Source = Perflib | ID = 2002
    Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll "
    has taken longer than the established wait time to complete. There may be a problem
    with this extensible counter or the service it is collecting data from or the system
    may have been very busy when this call was attempted.

    [ System Events ]
    Error - 11/13/2010 9:51:38 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7000
    Description = The Aspi32 service failed to start due to the following error: %%2

    Error - 11/13/2010 9:54:02 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7000
    Description = The Aspi32 service failed to start due to the following error: %%2

    Error - 11/13/2010 10:11:49 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7000
    Description = The Aspi32 service failed to start due to the following error: %%2

    Error - 11/13/2010 10:47:25 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7000
    Description = The Aspi32 service failed to start due to the following error: %%2

    Error - 11/13/2010 10:55:38 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7031
    Description = The VRAID Log Service service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 0 milliseconds:
    No action.

    Error - 11/13/2010 11:10:01 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7000
    Description = The Aspi32 service failed to start due to the following error: %%2

    Error - 11/14/2010 11:07:38 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7000
    Description = The Aspi32 service failed to start due to the following error: %%2

    Error - 11/14/2010 11:14:51 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7031
    Description = The VRAID Log Service service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 0 milliseconds:
    No action.

    Error - 11/14/2010 11:27:38 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7000
    Description = The Aspi32 service failed to start due to the following error: %%2

    Error - 11/14/2010 5:14:16 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7000
    Description = The Aspi32 service failed to start due to the following error: %%2


    < End of report >
     
  13. 2010/11/14
    brwneyez

    brwneyez Inactive Thread Starter

    OTL logfile created on: 11/14/2010 4:38:25 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2800.1106)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    767.00 Mb Total Physical Memory | 490.00 Mb Available Physical Memory | 64.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1150 1150 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 86.36 Gb Free Space | 57.94% Space Free | Partition Type: NTFS

    Computer Name: HOME | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/14 16:37:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2010/11/10 08:12:02 | 002,069,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2010/11/10 08:10:35 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/09/24 07:38:01 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/07/21 07:39:03 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
    PRC - [2010/07/15 08:51:41 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/07/15 08:51:35 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/07/15 08:50:12 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2008/09/24 15:50:46 | 000,052,888 | ---- | M] () -- C:\Program Files\VIA\RAID\vialogsv.exe
    PRC - [2004/09/07 07:59:06 | 000,122,128 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mstask.exe
    PRC - [2003/06/19 15:05:04 | 000,019,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\hidserv.exe
    PRC - [2003/06/19 14:05:04 | 000,243,472 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
    PRC - [2003/06/19 14:05:04 | 000,196,706 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wbem\WinMgmt.exe
    PRC - [2003/06/19 14:05:04 | 000,068,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\regsvc.exe
    PRC - [2003/06/19 14:05:04 | 000,061,712 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\stisvc.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/14 16:37:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    MOD - [2007/03/06 06:17:48 | 000,010,752 | ---- | M] (Microsott Corporation) -- C:\WINNT\system32\mobgra64.dll
    MOD - [2003/06/19 14:05:04 | 000,021,776 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wsock32.dll
    MOD - [2003/06/19 14:05:04 | 000,010,000 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\lz32.dll
    MOD - [2002/07/24 07:00:00 | 000,011,536 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\netrap.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (SBHookSvc)
    SRV - [2010/07/21 07:39:03 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
    SRV - [2010/07/15 08:51:35 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2009/09/23 15:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2008/09/24 15:50:46 | 000,052,888 | ---- | M] () [Auto | Running] -- C:\Program Files\VIA\RAID\vialogsv.exe -- (VRAID Log Service)
    SRV - [2004/09/07 07:59:06 | 000,122,128 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\mstask.exe -- (Schedule)
    SRV - [2003/06/19 15:05:04 | 000,019,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\hidserv.exe -- (HidServ)
    SRV - [2003/06/19 14:05:04 | 000,196,706 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\wbem\WinMgmt.exe -- (WinMgmt)
    SRV - [2003/06/19 14:05:04 | 000,147,728 | ---- | M] (VERITAS Software Corp.) [On_Demand | Stopped] -- C:\WINNT\System32\dmadmin.exe -- (dmadmin)
    SRV - [2003/06/19 14:05:04 | 000,094,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\FAXSVC.EXE -- (Fax)
    SRV - [2003/06/19 14:05:04 | 000,068,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\regsvc.exe -- (RemoteRegistry)
    SRV - [2003/06/19 14:05:04 | 000,061,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\stisvc.exe -- (StiSvc)
    SRV - [2003/06/19 14:05:04 | 000,022,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\utilman.exe -- (UtilMan)
    SRV - [2002/07/24 07:00:00 | 000,034,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\iprip.dll -- (Iprip)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\DRIVERS\IPFilter.sys -- (IPFilter)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/07/15 08:51:44 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/07/15 08:50:15 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2010/06/02 07:56:01 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINNT\system32\drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2009/02/06 21:41:47 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2009/02/06 21:41:46 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2008/05/20 12:10:38 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINNT\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2006/12/05 09:26:22 | 000,007,188 | ---- | M] () [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\Hmonitor.sys -- (hmonitor)
    DRV - [2006/10/22 12:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2006/09/24 08:28:47 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\WINNT\system32\speedfan.sys -- (speedfan)
    DRV - [2006/08/24 22:47:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINNT\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2006/08/24 22:47:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINNT\System32\drivers\cdr4_2K.sys -- (Cdr4_2K)
    DRV - [2006/02/16 16:51:08 | 000,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2005/04/25 11:10:20 | 000,033,538 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\Capt905c.sys -- (SQTECH905C)
    DRV - [2005/04/07 16:18:34 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINNT\System32\Drivers\BANTExt.sys -- (BANTExt)
    DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\afc.sys -- (Afc)
    DRV - [2004/07/09 02:58:10 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mpe.sys -- (MPE)
    DRV - [2004/07/01 01:49:00 | 000,626,977 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2004/04/10 08:42:36 | 000,002,944 | ---- | M] (cansoft@livewiredev.com) [Kernel | Auto | Running] -- C:\WINNT\system32\mbmiodrvr.sys -- (mbmiodrvr)
    DRV - [2004/02/23 22:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
    DRV - [2003/06/19 14:05:04 | 000,369,104 | ---- | M] (VERITAS Software Corp.) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\dmboot.sys -- (dmboot)
    DRV - [2003/06/19 14:05:04 | 000,137,936 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\dmio.sys -- (dmio)
    DRV - [2003/06/19 14:05:04 | 000,060,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\parallel.sys -- (Parallel)
    DRV - [2003/06/19 14:05:04 | 000,037,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\nmnt.sys -- (nm)
    DRV - [2003/06/19 14:05:04 | 000,032,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\uhcd.sys -- (uhcd)
    DRV - [2003/06/19 14:05:04 | 000,027,440 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINNT\System32\drivers\efs.sys -- (EFS)
    DRV - [2003/06/19 14:05:04 | 000,009,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2003/06/19 14:05:04 | 000,007,728 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\diskperf.sys -- (Diskperf)
    DRV - [2003/06/19 14:05:04 | 000,007,312 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\dmload.sys -- (dmload)
    DRV - [2003/06/18 15:48:00 | 000,009,038 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\Drivers\viausb.sys -- (viafilter)
    DRV - [2003/01/15 10:46:02 | 000,049,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\usbhub20.sys -- (usbhub20)
    DRV - [2002/07/24 07:00:00 | 000,021,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\rca.sys -- (RCA)
    DRV - [2002/07/24 07:00:00 | 000,009,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\netdtect.sys -- (NetDetect)
    DRV - [2002/07/24 07:00:00 | 000,006,992 | ---- | M] (SGI) [Kernel | System | Stopped] -- C:\WINNT\System32\drivers\sglfb.sys -- (sglfb)
    DRV - [2002/07/24 07:00:00 | 000,002,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\msmpu401.sys -- (ms_mpu401)
    DRV - [2001/12/13 13:57:00 | 000,003,279 | ---- | M] (VIA Technologies. Inc.) [Kernel | System | Running] -- C:\WINNT\System32\Drivers\VIAPFD.SYS -- (VIAPFD)
    DRV - [2001/11/09 01:40:00 | 000,042,752 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\viaudio.sys -- (VIAudio) VIA AC'97 Enhanced Audio Controller (WDM)
    DRV - [2001/10/26 01:00:00 | 000,492,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\sbpci.sys -- (sbpci) Sound Blaster PCI128 Audio Driver (WDM)
    DRV - [2001/10/18 12:00:00 | 000,006,234 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\viaide.sys -- (viaide)
    DRV - [2001/09/07 16:09:18 | 000,889,636 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\winachcf.sys -- (Winachcf)
    DRV - [2001/02/23 11:12:10 | 000,035,013 | ---- | M] (Network Everywhere) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\NC100A.sys -- (NC100) Network Everywhere Fast Ethernet Adapter(NC100 v2)
    DRV - [2000/11/02 13:00:40 | 000,169,840 | ---- | M] (3dfx Interactive, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\3dfxvsm.sys -- (3dfxvs)
    DRV - [2000/10/19 04:05:00 | 000,023,730 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\viaagp1.sys -- (viaagp1)
    DRV - [2000/10/19 04:05:00 | 000,023,730 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\viaagp1.sys -- (viaagp)
    DRV - [2000/07/24 00:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINNT\System32\drivers\BrPar.sys -- (BrPar)
    DRV - [1999/10/29 10:00:58 | 000,053,008 | ---- | M] (3Dfx Interactive, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\voodoo3.sys -- (voodoo3)
    DRV - [1999/10/23 13:01:40 | 000,413,712 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ltmdmnt.sys -- (ltmodem5)
    DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | System | Running] -- C:\WINNT\system32\giveio.sys -- (giveio)
     
  14. 2010/11/14
    brwneyez

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

    ========== FireFox ==========

    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.startup.homepage: "http://www.wunderground.com/cgi-bin/findweather/getForecast?query=24375 "
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
    FF - prefs.js..extensions.enabledItems: 6
    FF - prefs.js..extensions.enabledItems: 2
    FF - prefs.js..extensions.enabledItems: 48
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071101000055
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
    FF - prefs.js..extensions.enabledItems: cacaoweb@cacaoweb.org:1.0.5
    FF - prefs.js..extensions.enabledItems: {dd30bf68-268a-4815-ad48-8740b774c764}:5.0.0

    FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/10/26 07:33:48 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/04 09:07:22 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/04 09:07:22 | 000,000,000 | ---D | M]

    [2008/08/27 13:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2010/11/14 11:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ol14scpp.default\extensions
    [2010/07/26 22:43:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ol14scpp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2010/09/21 19:33:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ol14scpp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/04/04 14:57:41 | 000,000,000 | ---D | M] (Red Cats (green flavor)) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ol14scpp.default\extensions\{dd30bf68-268a-4815-ad48-8740b774c764}
    [2009/10/07 11:21:44 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ol14scpp.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010/07/26 09:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ol14scpp.default\extensions\cacaoweb@cacaoweb.org
    [2009/10/07 11:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ol14scpp.default\extensions\LogMeInClient@logmein.com
    [2008/11/20 23:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ol14scpp.default\extensions\moveplayer@movenetworks.com
    [2008/05/20 12:14:08 | 000,002,921 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ol14scpp.default\searchplugins\daemon-search.xml
    [2010/11/14 11:26:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/04/24 17:02:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2008/11/21 16:45:38 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcm80.dll
    [2008/11/21 16:45:40 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcp80.dll
    [2008/11/21 16:45:40 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr80.dll
    [2010/04/24 17:02:03 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2006/09/26 12:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

    O1 HOSTS File: ([2010/11/14 10:29:59 | 000,000,027 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx ()
    O3 - HKCU\..\Toolbar\WebBrowser: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx ()
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINNT\System32\NvCpl.DLL (NVIDIA Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DriveConfiguration = [Binary data over 100 bytes]
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\system32\RNR20.DLL (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file://C:\WINNT\Downloaded Program Files\stg_drm.ocx (Reg Error: Key error.)
    O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab (FunGamesLoader Object)
    O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinner.com/games/v50/tpir/tpir.cab (TPIR Control)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.5.cab (DLM Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1221340059586 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1221340022493 (MUWebControl Class)
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab (WoF Control)
    O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab (DinerDash Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file://C:\WINNT\Downloaded Program Files\armhelper.ocx (ArmHelper Control)
    O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab (FamilyFeud Control)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\bt2 {1730B77B-F429-498f-9B15-4514D83C8294} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx ()
    O18 - Protocol\Filter\application/octet-stream - No CLSID value found
    O18 - Protocol\Filter\application/x-bt2 - No CLSID value found
    O18 - Protocol\Filter\application/x-complus - No CLSID value found
    O18 - Protocol\Filter\application/x-msdownload - No CLSID value found
    O18 - Protocol\Filter\Class Install Handler - No CLSID value found
    O18 - Protocol\Filter\deflate - No CLSID value found
    O18 - Protocol\Filter\gzip - No CLSID value found
    O18 - Protocol\Filter\lzdhtml - No CLSID value found
    O18 - Protocol\Filter\text/webviewhtml - No CLSID value found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINNT\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\My Documents\Kims Pics\Summer 2010\baby-with-mustache-3.jpg
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Desktop Background.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/04/12 13:46:08 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: Ias - File not found
    NetSvcs: Iprip - C:\WINNT\system32\iprip.dll (Microsoft Corporation)
    NetSvcs: Nwsapagent - File not found

    Drivers32: aux - C:\WINNT\System32\mmdrv.dll (Microsoft Corporation)
    Drivers32: aux2 - File not found
    Drivers32: aux3 - File not found
    Drivers32: aux4 - File not found
    Drivers32: aux5 - File not found
    Drivers32: aux6 - File not found
    Drivers32: aux7 - File not found
    Drivers32: aux8 - File not found
    Drivers32: aux9 - File not found
    Drivers32: midi6 - File not found
    Drivers32: midi7 - File not found
    Drivers32: midi8 - File not found
    Drivers32: midi9 - File not found
    Drivers32: mixer5 - File not found
    Drivers32: mixer6 - File not found
    Drivers32: mixer7 - File not found
    Drivers32: mixer8 - File not found
    Drivers32: mixer9 - File not found
    Drivers32: msacm.iac2 - C:\WINNT\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINNT\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lhacm - C:\WINNT\System32\lhacm.acm (Microsoft Corporation)
    Drivers32: msacm.trspch - C:\WINNT\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: msacm.vorbis - C:\WINNT\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
    Drivers32: MSVideo8 - C:\WINNT\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINNT\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINNT\system32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINNT\system32\ir32_32.dll ()
    Drivers32: VIDC.IV41 - C:\WINNT\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINNT\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.IYUV - C:\WINNT\System32\iyuv_32.dll (Intel(R) Corporation)
    Drivers32: vidc.VP60 - C:\WINNT\system32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\WINNT\system32\vp6vfw.dll (On2.com)
    Drivers32: VIDC.WMV3 - C:\WINNT\System32\wmv9vcm.dll (Microsoft Corporation)
    Drivers32: vidc.XVID - C:\WINNT\System32\xvidvfw.dll ()
    Drivers32: VIDC.YVU9 - C:\WINNT\System32\tsbyuv.dll (Toshiba Corporation)
    Drivers32: wave2 - C:\WINNT\System32\serwvdrv.dll (Microsoft Corporation)
    Drivers32: wave3 - C:\WINNT\System32\serwvdrv.dll (Microsoft Corporation)
    Drivers32: wave5 - C:\WINNT\System32\serwvdrv.dll (Microsoft Corporation)
    Drivers32: wave8 - File not found
    Drivers32: wave9 - File not found
    SystemRestore not available.

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/14 16:37:23 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/11/14 10:34:57 | 000,000,000 | ---D | C] -- C:\WINNT\temp
    [2010/11/13 21:51:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINNT\SWXCACLS.exe
    [2010/11/13 21:51:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINNT\SWREG.exe
    [2010/11/13 21:51:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINNT\SWSC.exe
    [2010/11/13 20:43:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\My Documents\Folder Settings
    [2010/11/13 16:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    [2010/11/13 16:14:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
    [2010/11/13 16:14:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/11/13 16:14:31 | 000,019,288 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
    [2010/11/13 16:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/11/13 16:13:48 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe
    [2010/11/13 16:00:38 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
    [2010/11/13 15:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\SIW
    [2010/11/13 15:31:37 | 002,759,838 | ---- | C] (Topala Software Solutions ) -- C:\Documents and Settings\Administrator\Desktop\siw-setup.exe
    [2010/11/10 20:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Cateia Games
    [2010/11/10 15:11:09 | 000,000,000 | ---D | C] -- C:\Program Files\Tropical Mania
    [2010/11/10 01:28:05 | 000,000,000 | ---D | C] -- C:\Program Files\Global Star
    [2010/11/03 11:16:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\sowhat
    [2010/11/01 22:23:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Islands
    [2010/10/31 13:13:39 | 000,000,000 | ---D | C] -- C:\Program Files\Sims2Pack Clean Installer
    [2010/10/29 16:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Saved Games
    [2010/10/29 16:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\Oberon
    [2010/10/26 14:50:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Jane s Hotel 3
    [2010/10/24 15:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\Forgotten Lands The First Colony
    [2010/10/23 16:21:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ERS Game Studios
    [2010/10/21 11:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\Amelies Cafe Halloween
    [2010/10/20 16:03:44 | 000,000,000 | ---D | C] -- C:\Program Files\Haunted Domains
    [2010/10/15 17:40:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\EA Games
    [2010/10/15 16:44:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Sims 2 Games and Stuff Packs
    [2008/03/25 08:31:56 | 000,262,144 | ---- | C] (Creative Labs) -- C:\Program Files\wrap_oal.dll
    [2008/03/25 08:31:56 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\Program Files\unicows.dll
    [2008/03/25 08:31:56 | 000,086,016 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Program Files\OpenAL32.dll
    [2008/03/22 21:18:23 | 000,094,208 | ---- | C] (j2k-codec.com) -- C:\Program Files\j2k-codec.dll
    [2008/03/22 21:18:23 | 000,093,696 | ---- | C] (j2k-codec.com) -- C:\Program Files\j2k-control.dll
    [2008/03/22 21:18:23 | 000,092,216 | ---- | C] (Un4seen Developments) -- C:\Program Files\bass.dll
    [2007/10/28 20:14:09 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
    [2003/12/09 13:16:52 | 000,442,368 | ---- | C] ( ) -- C:\WINNT\System32\comintfs.dll
     
  15. 2010/11/14
    brwneyez

    ========== Files - Modified Within 30 Days ==========

    [2010/11/14 16:37:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/11/14 16:16:26 | 000,087,665 | ---- | M] () -- C:\WINNT\System32\nvapps.xml
    [2010/11/14 16:14:41 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_384.dat
    [2010/11/14 16:14:28 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2a4.dat
    [2010/11/14 10:29:59 | 000,000,027 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts
    [2010/11/14 10:08:05 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_388.dat
    [2010/11/14 08:46:38 | 067,613,425 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\incavi.avm
    [2010/11/13 21:40:43 | 003,909,080 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2010/11/13 19:22:11 | 804,769,792 | ---- | M] () -- C:\WINNT\MEMORY.DMP
    [2010/11/13 17:19:35 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
    [2010/11/13 17:17:44 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe
    [2010/11/13 16:57:53 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\19cc64g9.exe
    [2010/11/13 16:14:35 | 000,000,569 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/13 16:13:44 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe
    [2010/11/13 16:00:34 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
    [2010/11/13 15:32:05 | 000,000,507 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SIW.lnk
    [2010/11/13 15:31:21 | 002,759,838 | ---- | M] (Topala Software Solutions ) -- C:\Documents and Settings\Administrator\Desktop\siw-setup.exe
    [2010/11/10 20:47:34 | 000,000,894 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Cake_Mania6.exe.lnk
    [2010/11/10 15:11:10 | 000,000,633 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Tropical Mania.lnk
    [2010/11/10 01:34:28 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Document.rtf
    [2010/11/10 01:31:11 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Deal or No Deal.lnk
    [2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINNT\MBR.exe
    [2010/11/06 17:17:15 | 000,309,192 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
    [2010/11/04 18:28:10 | 000,001,499 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/11/03 11:16:17 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Angelo.exe.lnk
    [2010/11/01 22:15:37 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Islands.lnk
    [2010/10/31 13:23:13 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Sims2EP6.exe.lnk
    [2010/10/31 13:13:40 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Sims2Pack Clean Installer.lnk
    [2010/10/31 12:33:45 | 000,003,852 | ---- | M] () -- C:\WINNT\unins000.dat
    [2010/10/31 12:33:38 | 000,669,002 | ---- | M] () -- C:\WINNT\unins000.exe
    [2010/10/29 16:40:44 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Dream Day True Love Beta.lnk
    [2010/10/29 16:38:25 | 000,000,023 | ---- | M] () -- C:\WINNT\Brownie.ini
    [2010/10/29 16:37:45 | 000,000,312 | ---- | M] () -- C:\WINNT\BRDIAG.INI
    [2010/10/26 14:50:17 | 000,000,816 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to JanesHotel3.exe.lnk
    [2010/10/24 15:00:42 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Forgotten Lands The First Colony.lnk
    [2010/10/22 12:14:35 | 000,295,928 | ---- | M] () -- C:\WINNT\Rare Treasures - Dinnerware Trading Company Uninstaller.exe
    [2010/10/22 12:12:48 | 000,000,116 | ---- | M] () -- C:\WINNT\NeroDigital.ini
    [2010/10/21 11:57:39 | 000,159,934 | ---- | M] () -- C:\WINNT\Amelies Cafe Halloween Uninstaller.exe
    [2010/10/21 11:57:38 | 000,000,709 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Amelies Cafe Halloween.lnk
    [2010/10/20 16:10:34 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FlowerShop.exe.lnk
    [2010/10/20 16:04:42 | 000,000,583 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Haunted Domains.lnk
    [2010/10/19 16:42:10 | 000,000,639 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to BookwormAdventuresVol2.exe.lnk
    [2010/10/19 12:27:54 | 000,000,930 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to thomaswords.exe.lnk
    [2010/10/16 17:36:59 | 000,000,521 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to FarmTribe.exe.lnk

    ========== Files Created - No Company Name ==========

    [2010/11/14 16:14:41 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_384.dat
    [2010/11/14 16:14:28 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2a4.dat
    [2010/11/14 10:08:05 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_388.dat
    [2010/11/13 21:51:20 | 000,089,088 | ---- | C] () -- C:\WINNT\MBR.exe
    [2010/11/13 21:51:19 | 000,256,512 | ---- | C] () -- C:\WINNT\PEV.exe
    [2010/11/13 21:51:19 | 000,098,816 | ---- | C] () -- C:\WINNT\sed.exe
    [2010/11/13 21:51:19 | 000,080,412 | ---- | C] () -- C:\WINNT\grep.exe
    [2010/11/13 21:51:19 | 000,068,096 | ---- | C] () -- C:\WINNT\zip.exe
    [2010/11/13 21:40:03 | 003,909,080 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2010/11/13 19:18:48 | 804,769,792 | ---- | C] () -- C:\WINNT\MEMORY.DMP
    [2010/11/13 17:19:37 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
    [2010/11/13 17:17:47 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe
    [2010/11/13 16:57:57 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\19cc64g9.exe
    [2010/11/13 16:14:35 | 000,000,569 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/13 15:32:05 | 000,000,507 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SIW.lnk
    [2010/11/10 20:47:34 | 000,000,894 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Cake_Mania6.exe.lnk
    [2010/11/10 15:11:10 | 000,000,633 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Tropical Mania.lnk
    [2010/11/10 01:34:28 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Document.rtf
    [2010/11/10 01:31:11 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Deal or No Deal.lnk
    [2010/11/03 11:16:17 | 000,000,618 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Angelo.exe.lnk
    [2010/11/01 22:15:37 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Islands.lnk
    [2010/10/31 13:23:13 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Sims2EP6.exe.lnk
    [2010/10/31 13:13:40 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Sims2Pack Clean Installer.lnk
    [2010/10/31 12:33:44 | 000,669,002 | ---- | C] () -- C:\WINNT\unins000.exe
    [2010/10/31 12:33:44 | 000,003,852 | ---- | C] () -- C:\WINNT\unins000.dat
    [2010/10/29 16:40:44 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Dream Day True Love Beta.lnk
    [2010/10/26 14:50:17 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to JanesHotel3.exe.lnk
    [2010/10/24 15:00:42 | 000,001,737 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Forgotten Lands The First Colony.lnk
    [2010/10/22 12:14:33 | 000,295,928 | ---- | C] () -- C:\WINNT\Rare Treasures - Dinnerware Trading Company Uninstaller.exe
    [2010/10/21 11:57:38 | 000,000,709 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Amelies Cafe Halloween.lnk
    [2010/10/21 11:57:36 | 000,159,934 | ---- | C] () -- C:\WINNT\Amelies Cafe Halloween Uninstaller.exe
    [2010/10/20 16:10:34 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FlowerShop.exe.lnk
    [2010/10/20 16:04:42 | 000,000,583 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Haunted Domains.lnk
    [2010/10/19 16:42:10 | 000,000,639 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to BookwormAdventuresVol2.exe.lnk
    [2010/10/19 12:27:54 | 000,000,930 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to thomaswords.exe.lnk
    [2010/10/16 17:36:59 | 000,000,521 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to FarmTribe.exe.lnk
    [2010/09/13 16:56:06 | 000,000,059 | ---- | C] () -- C:\WINNT\brmx2001.ini
    [2010/09/13 16:56:06 | 000,000,040 | ---- | C] () -- C:\WINNT\opt_1440.ini
    [2010/09/13 16:56:06 | 000,000,000 | ---- | C] () -- C:\WINNT\Brohl144.ini
    [2010/09/13 16:55:39 | 000,000,447 | ---- | C] () -- C:\WINNT\brwmark.ini
    [2010/09/13 16:50:13 | 000,000,312 | ---- | C] () -- C:\WINNT\BRDIAG.INI
    [2010/09/13 16:50:13 | 000,000,026 | ---- | C] () -- C:\WINNT\brpp2ka.ini
    [2010/09/13 16:50:13 | 000,000,023 | ---- | C] () -- C:\WINNT\Brownie.ini
    [2010/09/13 16:49:42 | 000,077,824 | ---- | C] () -- C:\WINNT\System32\BROSNMP.DLL
    [2010/09/13 16:49:42 | 000,032,768 | ---- | C] () -- C:\WINNT\System32\BRVPDNTA.DLL
    [2010/09/13 16:49:42 | 000,026,624 | ---- | C] () -- C:\WINNT\System32\BRGSRC32.DLL
    [2010/09/13 16:49:42 | 000,004,608 | ---- | C] () -- C:\WINNT\System32\BRGSRC16.DLL
    [2010/09/13 16:49:41 | 000,011,567 | ---- | C] () -- C:\WINNT\HL-1470N.INI
    [2010/09/13 16:49:40 | 000,011,567 | ---- | C] () -- C:\WINNT\HL-1450.INI
    [2010/09/13 16:49:40 | 000,011,567 | ---- | C] () -- C:\WINNT\HL-1440.INI
    [2010/09/13 16:49:40 | 000,011,567 | ---- | C] () -- C:\WINNT\HL-1230.INI
    [2010/07/08 21:55:41 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Half-Time HustleOptions.dat
    [2010/06/02 11:57:37 | 000,036,864 | ---- | C] () -- C:\WINNT\System32\sfppm.dll
    [2010/01/02 19:10:49 | 000,038,912 | ---- | C] () -- C:\WINNT\System32\fxpft2.dll
    [2010/01/02 02:41:23 | 000,038,400 | ---- | C] () -- C:\WINNT\System32\fxpftp.dll
    [2009/05/09 18:47:37 | 000,000,018 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\EFP2.txt
    [2009/05/09 18:47:37 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\EFP2T.txt
    [2009/03/29 00:50:16 | 000,000,044 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\{3D55D1F4-1059-11DC-B281-197056D89593}
    [2009/03/06 07:11:30 | 000,000,080 | ---- | C] () -- C:\WINNT\YAHTZEE.INI
    [2009/01/31 13:20:50 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\MillionDollarPasswordPrefs
    [2009/01/31 12:33:38 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\MDP_profile1
    [2008/08/09 09:52:53 | 000,000,066 | ---- | C] () -- C:\WINNT\Speed Video Converter.INI
    [2008/04/16 02:12:19 | 000,000,028 | ---- | C] () -- C:\Program Files\Sims2Pack Clean Installer.ini
    [2008/03/27 22:15:43 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
    [2008/03/25 08:31:59 | 000,532,847 | ---- | C] () -- C:\Program Files\common.ww2
    [2008/03/25 08:31:56 | 035,788,359 | ---- | C] () -- C:\Program Files\assets.ww2
    [2008/03/25 08:31:56 | 000,365,964 | ---- | C] () -- C:\Program Files\Westward2_00.data
    [2008/03/25 08:31:56 | 000,009,214 | ---- | C] () -- C:\Program Files\main.cs
    [2008/03/25 08:31:55 | 006,488,064 | ---- | C] () -- C:\Program Files\Westward2.exe
    [2008/03/22 21:18:23 | 001,699,840 | ---- | C] () -- C:\Program Files\IceCream_Mania.exe
    [2008/03/22 21:18:23 | 000,112,278 | ---- | C] () -- C:\Program Files\MenuPage_Star.xml
    [2008/03/22 21:18:23 | 000,080,565 | ---- | C] () -- C:\Program Files\MenuPage_Done.xml
    [2008/03/22 21:18:23 | 000,029,271 | ---- | C] () -- C:\Program Files\MenuPage_Main.xml
    [2008/03/22 21:18:23 | 000,026,151 | ---- | C] () -- C:\Program Files\Screen_ProgStar.xml
    [2008/03/22 21:18:23 | 000,023,362 | ---- | C] () -- C:\Program Files\Screen_Progress.xml
    [2008/03/22 21:18:23 | 000,019,467 | ---- | C] () -- C:\Program Files\MenuPage_Cred.xml
    [2008/03/22 21:18:23 | 000,019,456 | ---- | C] () -- C:\Program Files\MenuDial_BFly.xml
    [2008/03/22 21:18:23 | 000,018,910 | ---- | C] () -- C:\Program Files\Troofy_Room.xml
    [2008/03/22 21:18:23 | 000,013,414 | ---- | C] () -- C:\Program Files\MenuPage_Logo2.xml
    [2008/03/22 21:18:23 | 000,011,641 | ---- | C] () -- C:\Program Files\MenuPage_Krab.xml
    [2008/03/22 21:18:23 | 000,008,686 | ---- | C] () -- C:\Program Files\MenuPage_Load.xml
    [2008/03/22 21:18:23 | 000,007,672 | ---- | C] () -- C:\Program Files\MenuPage_Pers.xml
    [2008/03/22 21:18:23 | 000,005,848 | ---- | C] () -- C:\Program Files\Screen_Upgrades.xml
    [2008/03/22 21:18:23 | 000,004,400 | ---- | C] () -- C:\Program Files\AniRedactorButtonOrig.xml
    [2008/03/22 21:18:23 | 000,004,349 | ---- | C] () -- C:\Program Files\MenuDial_Rank.xml
    [2008/03/22 21:18:23 | 000,003,621 | ---- | C] () -- C:\Program Files\MenuDial_Opts.xml
    [2008/03/22 21:18:23 | 000,003,468 | ---- | C] () -- C:\Program Files\MenuDial_Help.xml
    [2008/03/22 21:18:23 | 000,003,396 | ---- | C] () -- C:\Program Files\Screen_UpgrHelp.xml
    [2008/03/22 21:18:23 | 000,003,379 | ---- | C] () -- C:\Program Files\MenuDial_Wave.xml
    [2008/03/22 21:18:23 | 000,002,922 | ---- | C] () -- C:\Program Files\MenuDial_Exit.xml
    [2008/03/22 21:18:23 | 000,002,783 | ---- | C] () -- C:\Program Files\MenuPage_Fail.xml
    [2008/03/22 21:18:23 | 000,002,155 | ---- | C] () -- C:\Program Files\MenuPage_Logo1.xml
    [2008/03/22 21:18:23 | 000,001,966 | ---- | C] () -- C:\Program Files\AniRedactor.xml
    [2008/03/22 21:18:23 | 000,001,939 | ---- | C] () -- C:\Program Files\Object_Glass_02.xml
    [2008/03/22 21:18:23 | 000,001,938 | ---- | C] () -- C:\Program Files\Object_Glass_04.xml
    [2008/03/22 21:18:23 | 000,001,937 | ---- | C] () -- C:\Program Files\Object_Glass_03.xml
    [2008/03/22 21:18:23 | 000,001,937 | ---- | C] () -- C:\Program Files\Object_Glass_01.xml
    [2008/03/22 21:18:23 | 000,001,593 | ---- | C] () -- C:\Program Files\AniRedactorButton.xml
    [2008/03/22 21:18:23 | 000,001,537 | ---- | C] () -- C:\Program Files\Elem_Cream_L3.xml
    [2008/03/22 21:18:23 | 000,001,536 | ---- | C] () -- C:\Program Files\Elem_Cream_L2.xml
    [2008/03/22 21:18:23 | 000,001,536 | ---- | C] () -- C:\Program Files\Elem_Cream_L1.xml
    [2008/03/22 21:18:23 | 000,001,325 | ---- | C] () -- C:\Program Files\Elem_Syrup_L3.xml
    [2008/03/22 21:18:23 | 000,001,324 | ---- | C] () -- C:\Program Files\Elem_Syrup_L2.xml
    [2008/03/22 21:18:23 | 000,001,324 | ---- | C] () -- C:\Program Files\Elem_Syrup_L1.xml
    [2008/03/22 21:18:23 | 000,001,294 | ---- | C] () -- C:\Program Files\Elem_Decor_L1.xml
    [2008/03/22 21:18:23 | 000,001,058 | ---- | C] () -- C:\Program Files\MenuDial_Game.xml
    [2008/03/22 21:18:23 | 000,000,889 | ---- | C] () -- C:\Program Files\Elem_Stand_L1.xml
    [2008/03/22 21:18:23 | 000,000,790 | ---- | C] () -- C:\Program Files\MenuDial_Tutor.xml
    [2008/03/22 21:18:23 | 000,000,779 | ---- | C] () -- C:\Program Files\Screen_UpgrDial.xml
    [2008/03/22 21:18:23 | 000,000,696 | ---- | C] () -- C:\Program Files\MenuDial_Pers.xml
    [2008/03/22 21:18:23 | 000,000,663 | ---- | C] () -- C:\Program Files\if_game.xml
    [2008/03/22 21:18:23 | 000,000,590 | ---- | C] () -- C:\Program Files\MenuPage_Pics.xml
    [2008/03/22 21:18:23 | 000,000,566 | ---- | C] () -- C:\Program Files\Screen_UpgrWarn.xml
    [2008/03/22 21:18:23 | 000,000,435 | ---- | C] () -- C:\Program Files\Object_Candy.xml
    [2008/03/22 21:18:23 | 000,000,424 | ---- | C] () -- C:\Program Files\Elem_Radio_L1.xml
    [2008/03/22 21:18:23 | 000,000,367 | ---- | C] () -- C:\Program Files\Elem_FirstPlane.xml
    [2008/03/22 21:18:23 | 000,000,300 | ---- | C] () -- C:\Program Files\Elem_Shelf_L1.xml
    [2008/03/22 21:18:23 | 000,000,294 | ---- | C] () -- C:\Program Files\Elem_Candy_L1.xml
    [2008/03/22 21:18:23 | 000,000,251 | ---- | C] () -- C:\Program Files\Object_Cream.xml
    [2008/03/22 21:18:23 | 000,000,221 | ---- | C] () -- C:\Program Files\Object_Think.xml
    [2008/03/22 21:18:23 | 000,000,128 | ---- | C] () -- C:\Program Files\syr_3.psi
    [2008/03/22 21:18:23 | 000,000,128 | ---- | C] () -- C:\Program Files\syr_2.psi
    [2008/03/22 21:18:23 | 000,000,128 | ---- | C] () -- C:\Program Files\syr_1.psi
    [2008/03/22 21:18:23 | 000,000,128 | ---- | C] () -- C:\Program Files\particle_syrop_roz.psi
    [2008/03/22 21:18:23 | 000,000,128 | ---- | C] () -- C:\Program Files\particle_syrop_cr.psi
    [2008/03/22 21:18:23 | 000,000,128 | ---- | C] () -- C:\Program Files\particle_syrop_ch.psi
    [2008/03/22 21:18:23 | 000,000,128 | ---- | C] () -- C:\Program Files\particle_note_nice.psi
    [2008/03/22 21:18:23 | 000,000,128 | ---- | C] () -- C:\Program Files\particle_note_angry.psi
    [2008/03/22 21:18:23 | 000,000,128 | ---- | C] () -- C:\Program Files\particle_money.psi
    [2008/03/22 21:18:23 | 000,000,128 | ---- | C] () -- C:\Program Files\particle_expert.psi
    [2008/03/22 21:18:23 | 000,000,128 | ---- | C] () -- C:\Program Files\particle_cream.psi
    [2008/03/22 21:18:23 | 000,000,128 | ---- | C] () -- C:\Program Files\dec_6.psi
    [2008/03/22 21:18:23 | 000,000,128 | ---- | C] () -- C:\Program Files\dec_5.psi
    [2008/03/22 21:18:23 | 000,000,128 | ---- | C] () -- C:\Program Files\dec_4.psi
    [2008/03/22 21:18:23 | 000,000,128 | ---- | C] () -- C:\Program Files\dec_3.psi
    [2008/03/22 21:18:23 | 000,000,128 | ---- | C] () -- C:\Program Files\dec_2.psi
    [2008/03/22 21:18:23 | 000,000,128 | ---- | C] () -- C:\Program Files\dec_1.psi
    [2008/03/17 03:43:33 | 000,002,460 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\mindhabits.dat
    [2008/02/14 19:45:37 | 000,000,356 | ---- | C] () -- C:\Program Files\CardGames2007LocalPref.bin
    [2008/02/14 19:40:07 | 000,001,024 | ---- | C] () -- C:\Program Files\LocalNotes.bin
    [2008/02/14 19:40:07 | 000,000,008 | ---- | C] () -- C:\Program Files\LocalNotes.bin.idx
    [2008/02/14 19:39:25 | 000,000,014 | ---- | C] () -- C:\Program Files\RDCG2007LastPlayerInfo.cfg
    [2008/02/14 19:39:02 | 000,000,028 | ---- | C] () -- C:\Program Files\MP3Directory.txt
    [2008/02/14 19:36:04 | 000,000,082 | ---- | C] () -- C:\Program Files\config.ini
    [2008/02/14 19:35:41 | 000,000,116 | ---- | C] () -- C:\Program Files\LocalPref.bin
    [2008/02/06 23:38:00 | 000,030,976 | ---- | C] () -- C:\WINNT\rascntrl.dll
    [2008/01/29 04:18:04 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/01/22 09:28:12 | 000,000,082 | ---- | C] () -- C:\WINNT\mafosav.INI
    [2008/01/10 05:10:06 | 000,000,102 | ---- | C] () -- C:\WINNT\SIMTOWN.INI
    [2008/01/07 05:28:48 | 000,000,809 | ---- | C] () -- C:\WINNT\disney.ini
    [2007/11/06 19:10:56 | 000,001,152 | ---- | C] () -- C:\WINNT\System32\windrv.sys
    [2007/11/05 22:33:04 | 002,255,360 | ---- | C] () -- C:\WINNT\System32\libavcodec.dll
    [2007/11/05 22:33:04 | 000,395,776 | ---- | C] () -- C:\WINNT\System32\libmplayer.dll
    [2007/11/05 22:33:04 | 000,262,144 | ---- | C] () -- C:\WINNT\System32\TomsMoComp_ff.dll
    [2007/11/05 22:33:04 | 000,112,640 | ---- | C] () -- C:\WINNT\System32\libmpeg2_ff.dll
    [2007/10/31 20:01:44 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
    [2007/10/29 20:30:38 | 000,000,574 | ---- | C] () -- C:\WINNT\wininit.ini
    [2007/10/28 22:04:47 | 000,005,083 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hhofohps.wbt
    [2007/10/28 20:14:20 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.log
    [2007/10/28 20:14:09 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.cat
    [2007/10/28 20:14:09 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.inf
    [2007/10/17 23:23:48 | 000,717,296 | ---- | C] () -- C:\WINNT\System32\drivers\sptd.sys
    [2007/09/04 06:21:31 | 000,000,031 | -H-- | C] () -- C:\WINNT\uccspecc.sys
    [2007/07/25 03:24:30 | 001,559,040 | ---- | C] () -- C:\WINNT\System32\xvidcore.dll
    [2007/05/09 12:26:21 | 000,002,002 | ---- | C] () -- C:\WINNT\faxmailw.ini
    [2007/04/06 23:00:26 | 000,009,728 | ---- | C] () -- C:\WINNT\System32\BASSMOD.dll
    [2007/03/20 16:44:02 | 000,000,566 | ---- | C] () -- C:\WINNT\System32\SP7302.INI
    [2007/03/15 22:33:36 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007/03/06 04:04:54 | 000,000,000 | ---- | C] () -- C:\WINNT\Game.INI
    [2007/01/28 15:21:37 | 000,000,324 | ---- | C] () -- C:\WINNT\hpipcopy.INI
    [2007/01/28 12:50:54 | 000,000,029 | ---- | C] () -- C:\WINNT\atid.ini
    [2006/12/24 20:33:19 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
    [2006/12/16 22:39:06 | 000,210,944 | ---- | C] () -- C:\WINNT\System32\MSVCRT10.DLL
    [2006/12/05 09:26:22 | 000,007,188 | ---- | C] () -- C:\WINNT\System32\drivers\Hmonitor.sys
    [2006/10/22 12:22:00 | 001,662,976 | ---- | C] () -- C:\WINNT\System32\nvwdmcpl.dll
    [2006/10/22 12:22:00 | 001,470,464 | ---- | C] () -- C:\WINNT\System32\nview.dll
    [2006/10/22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINNT\System32\nvwimg.dll
    [2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINNT\System32\nvhwvid.dll
    [2006/10/22 12:22:00 | 000,466,944 | ---- | C] () -- C:\WINNT\System32\nvshell.dll
    [2006/10/22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINNT\System32\nvnt4cpl.dll
    [2006/10/22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINNT\System32\nvapi.dll
    [2006/10/15 20:39:33 | 000,012,288 | ---- | C] () -- C:\WINNT\impborl.dll
    [2006/09/15 15:08:26 | 000,043,520 | ---- | C] () -- C:\WINNT\System32\CmdLineExt03.dll
    [2006/09/04 23:06:13 | 000,000,000 | ---- | C] () -- C:\WINNT\LiveBilliards.INI
    [2006/09/03 23:34:00 | 000,000,000 | ---- | C] () -- C:\WINNT\Hammerhead.INI
    [2006/03/23 02:59:21 | 000,003,886 | ---- | C] () -- C:\WINNT\32bitfax.ini
    [2006/03/03 21:01:45 | 000,000,754 | ---- | C] () -- C:\WINNT\WORDPAD.INI
    [2006/02/26 04:08:28 | 000,585,728 | ---- | C] () -- C:\WINNT\System32\xvidvfw.dll
    [2006/01/21 03:37:08 | 000,000,115 | ---- | C] () -- C:\WINNT\TaxACT05.ini
    [2005/10/08 15:04:55 | 000,000,204 | ---- | C] () -- C:\WINNT\RtlRack.ini
    [2005/10/07 16:53:43 | 000,045,056 | ---- | C] () -- C:\WINNT\System32\vusetup.dll
    [2005/10/07 16:52:32 | 000,000,164 | ---- | C] () -- C:\WINNT\avrack.ini
    [2005/10/07 16:52:31 | 000,155,648 | ---- | C] () -- C:\WINNT\System32\RTLCPAPI.dll
    [2005/09/30 07:19:03 | 000,000,000 | ---- | C] () -- C:\WINNT\iPlayer.INI
    [2005/09/30 07:18:46 | 000,000,116 | ---- | C] () -- C:\WINNT\NeroDigital.ini
    [2005/09/26 12:07:55 | 000,003,840 | ---- | C] () -- C:\WINNT\System32\drivers\BANTExt.sys
    [2005/09/15 17:40:22 | 000,160,768 | ---- | C] () -- C:\WINNT\System32\unrar.dll
    [2005/09/01 16:36:40 | 000,889,636 | ---- | C] () -- C:\WINNT\System32\drivers\winachcf.sys
    [2005/09/01 16:36:39 | 000,012,544 | ---- | C] () -- C:\WINNT\System32\drivers\mdmxsdk.sys
    [2005/08/16 01:32:19 | 000,000,068 | ---- | C] () -- C:\WINNT\IDMan.INI
    [2005/08/14 20:05:34 | 000,021,840 | ---- | C] () -- C:\WINNT\System32\SIntfNT.dll
    [2005/08/14 20:05:34 | 000,017,212 | ---- | C] () -- C:\WINNT\System32\SIntf32.dll
    [2005/08/14 20:05:34 | 000,012,067 | ---- | C] () -- C:\WINNT\System32\SIntf16.dll
    [2005/07/14 09:22:27 | 003,596,288 | ---- | C] () -- C:\WINNT\System32\qt-dx331.dll
    [2005/07/14 09:22:22 | 000,159,744 | ---- | C] () -- C:\WINNT\System32\ssleay32.dll
    [2005/07/14 09:22:21 | 000,831,488 | ---- | C] () -- C:\WINNT\System32\libeay32.dll
    [2005/05/30 21:00:19 | 004,194,441 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\sdi.db
    [2005/04/22 16:03:49 | 000,000,050 | -H-- | C] () -- C:\WINNT\vbmgsext.ini
    [2005/04/22 16:03:49 | 000,000,050 | -H-- | C] () -- C:\WINNT\vbmgsent.ini
    [2005/04/22 15:29:49 | 000,000,006 | ---- | C] () -- C:\WINNT\System32\x517_256.dll
    [2005/04/17 00:47:29 | 000,001,534 | ---- | C] () -- C:\WINNT\System32\gxhhl.drv
    [2005/04/17 00:27:54 | 000,003,927 | R--- | C] () -- C:\WINNT\System32\MXCDRIVE.DLL
    [2005/04/17 00:27:54 | 000,003,927 | -H-- | C] () -- C:\WINNT\ARDRIVE.SYS
    [2005/04/17 00:22:31 | 000,000,113 | ---- | C] () -- C:\WINNT\bkg.ini
    [2005/03/15 19:36:18 | 000,000,061 | ---- | C] () -- C:\WINNT\System32\gah95on6.ini
    [2005/03/06 13:17:48 | 000,302,592 | ---- | C] () -- C:\WINNT\System32\pgp.dll
    [2005/03/06 13:17:48 | 000,093,184 | ---- | C] () -- C:\WINNT\System32\keydb.dll
    [2005/03/06 13:17:48 | 000,070,656 | ---- | C] () -- C:\WINNT\System32\simple.dll
    [2005/03/06 13:17:48 | 000,065,024 | ---- | C] () -- C:\WINNT\System32\bn.dll
    [2005/03/06 13:17:47 | 000,306,688 | ---- | C] () -- C:\WINNT\System32\Lffpx7.dll
    [2005/03/06 13:17:47 | 000,095,232 | ---- | C] () -- C:\WINNT\System32\Lfkodak.dll
    [2005/02/22 09:30:32 | 000,000,000 | ---- | C] () -- C:\WINNT\Transmogrifier.INI
    [2005/02/15 21:39:39 | 000,000,985 | ---- | C] () -- C:\WINNT\ODBC.INI
    [2005/02/06 13:24:46 | 000,373,248 | ---- | C] () -- C:\WINNT\EyeCand3.INI
    [2005/02/04 23:58:34 | 000,000,146 | ---- | C] () -- C:\WINNT\SIERRA.INI
    [2005/01/20 00:12:47 | 000,000,518 | ---- | C] () -- C:\WINNT\SCRABOUT.INI
    [2005/01/16 02:30:40 | 000,354,816 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
    [2003/12/03 01:25:22 | 000,000,132 | ---- | C] () -- C:\WINNT\winamp.ini
    [2003/12/02 23:04:12 | 000,021,952 | -H-- | C] () -- C:\Program Files\folder.htt
    [2003/12/02 17:58:24 | 000,004,073 | ---- | C] () -- C:\WINNT\ODBCINST.INI
    [2003/08/07 14:01:50 | 000,237,568 | ---- | C] () -- C:\WINNT\System32\lame_enc.dll
    [2002/10/06 13:42:57 | 000,237,568 | ---- | C] () -- C:\WINNT\System32\OggDS.dll
    [2002/10/04 18:04:25 | 000,921,600 | ---- | C] () -- C:\WINNT\System32\vorbisenc.dll
    [2002/10/04 18:04:24 | 000,188,416 | ---- | C] () -- C:\WINNT\System32\vorbis.dll
    [2002/10/04 18:04:17 | 000,045,056 | ---- | C] () -- C:\WINNT\System32\ogg.dll
    [2002/07/24 07:00:00 | 000,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll
    [2002/07/24 07:00:00 | 000,033,552 | ---- | C] () -- C:\WINNT\System32\efsadu.dll
    [2002/07/24 07:00:00 | 000,007,265 | ---- | C] () -- C:\WINNT\System32\iasperf.ini
    [2002/07/24 07:00:00 | 000,001,505 | ---- | C] () -- C:\WINNT\System32\faxperf.ini
    [2002/07/24 07:00:00 | 000,000,023 | ---- | C] () -- C:\WINNT\welcome.ini
    [2002/04/11 10:47:52 | 000,049,152 | ---- | C] () -- C:\WINNT\System32\msmscoin.dll
    [1999/09/25 05:36:24 | 000,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys
    [1999/09/25 05:36:22 | 000,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys
    [1997/06/13 21:56:08 | 000,056,832 | ---- | C] () -- C:\WINNT\System32\iyvu9_32.dll
    [1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINNT\System32\giveio.sys

    ========== LOP Check ==========
     
  16. 2010/11/14
    brwneyez

    [2005/08/31 22:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.bt2
    [2010/03/15 21:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.SunRay Games
    [2009/12/18 19:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\1morebee
    [2007/10/10 22:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Abra Academy2
    [2009/11/25 01:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Alawar
    [2010/09/28 12:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AlawarSouthpoint
    [2010/08/23 22:58:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AlderGames
    [2008/10/04 15:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AlterLab
    [2008/06/06 12:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Amaranth Games
    [2010/10/20 09:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Artifex Mundi
    [2008/12/11 23:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ashtons. Family Resort
    [2010/06/05 22:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Atari
    [2010/02/22 16:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Awem
    [2009/10/23 15:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Azureus
    [2008/03/13 21:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Balloon Express
    [2009/03/22 18:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BeachPartyCraze
    [2010/10/02 15:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Bear's dream
    [2009/12/06 14:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Big Fish Games
    [2010/07/26 23:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Big Splash Games
    [2009/12/03 00:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BlamGames
    [2009/06/03 15:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\blg
    [2008/01/14 09:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BloodTies
    [2010/10/21 11:57:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Boolat Games
    [2009/12/01 21:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Boomzap
    [2010/02/12 02:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BrokenHearts
    [2009/06/07 12:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Camel101
    [2009/06/22 22:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CasualForge
    [2008/06/06 16:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\cerasus.media
    [2008/04/03 15:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ChemTable Software
    [2007/02/05 13:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Chicken Chase
    [2007/07/01 12:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Chocolate Castle
    [2007/06/12 09:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CoffeeCup Software
    [2009/04/04 06:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Coyotes Tale
    [2007/12/28 16:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
    [2007/10/18 07:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Pro
    [2007/04/20 15:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DiVision Studios - Escaping Atlantis
    [2010/10/07 17:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DivoGames
    [2008/11/07 23:04:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DMCache
    [2008/06/06 12:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Dress Up Rush TAC CM
    [2005/08/31 22:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EA
    [2009/03/18 23:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\eGames
    [2009/11/12 12:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EleFun Games
    [2009/05/04 14:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Enchanted Katya
    [2009/07/19 18:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ERS G-Studio
    [2010/10/23 16:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ERS Game Studios
    [2008/11/07 03:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Fabulous Finds
    [2009/07/01 08:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Faerie Solitaire
    [2010/10/24 15:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FirstColony
    [2009/01/23 19:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Flood Light Games
    [2007/04/16 19:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FloodLightGames
    [2007/09/13 01:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ForgottenRiddles
    [2008/07/20 21:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ForgottenRiddles2
    [2008/05/30 13:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Friday's games
    [2010/09/07 12:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\funkitron
    [2009/11/14 11:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Gabob.NowBoarding.B1EDF665FD3C3F3F09EA618A6CFE5BBDBDB5E912.1
    [2008/06/13 09:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Gaijin Ent
    [2007/04/09 17:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GameHouse
    [2008/10/25 14:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Gamelab
    [2010/07/01 16:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Gamers Digital
    [2008/04/06 22:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
    [2010/03/10 15:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Gimagin
    [2010/04/12 21:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GOA
    [2008/05/18 14:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Gogii Games
    [2009/08/09 23:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GraveyardShift
    [2010/07/08 21:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Half-Time Hustle
    [2008/02/23 12:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Home Sweet Home
    [2010/08/24 21:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Home Sweet Home 2
    [2009/12/19 14:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Home Sweet Home Christmas
    [2010/06/05 11:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Hotdog Hotshot
    [2010/03/11 03:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Hoyle Card Games
    [2008/01/25 07:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Hoyle FaceCreator
    [2008/02/14 21:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Hoyle Puzzle and Board Games
    [2009/09/27 18:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HSA
    [2009/04/22 22:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HuruBeachParty
    [2010/07/12 12:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IBAGroup
    [2007/11/06 12:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn
    [2008/05/31 18:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IOMediaSupport6SZZ001s
    [2009/07/06 10:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IronCode
    [2010/11/01 22:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Islands
    [2008/10/03 01:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ITTNord
    [2010/06/02 13:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\iWin
    [2008/01/14 07:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\iWinArcade
    [2007/09/21 21:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Jane s Hotel
    [2008/03/06 15:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Jane s Hotel Family Hero
    [2010/10/26 14:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Jane s Hotel 3
    [2008/08/03 21:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Jane s Realty hitzwarez net
    [2008/06/18 16:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Jane s Realty TAC CM
    [2009/04/21 23:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Jane s Zoo
    [2010/10/03 13:49:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Janes Realty2
    [2005/08/31 22:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Jasc
    [2010/08/06 20:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Jumb-O-Fun Games
    [2010/02/18 08:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ladia Group
    [2006/09/15 14:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
    [2010/10/07 14:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LeeGT-Games
    [2007/10/05 12:14:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Legends of pirates
    [2008/11/25 08:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lionhead Studios
    [2010/10/12 12:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ludia
    [2008/02/29 23:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MaggieTheGardener
    [2007/03/20 22:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Magic Academy
    [2006/02/02 01:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Magic Match
    [2008/01/08 23:23:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Magic Seeds
    [2009/05/27 14:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mean Hamster
    [2009/11/18 11:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mean Hamster Software
    [2010/05/17 18:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MegaplexMadnessSummerBlockbuster
    [2009/05/26 17:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Meridian93
    [2009/10/21 01:15:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Merscom
    [2010/02/12 02:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Merscom LLC
    [2006/03/30 14:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mind Control Software
    [2007/07/21 17:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\My Games
    [2009/03/26 17:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MysteryStudio
    [2007/08/16 20:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mysteryville2
    [2010/04/18 15:19:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Namco
    [2010/09/16 11:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NatGeoGames
    [2010/05/07 20:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NevoSoft Games
    [2007/12/18 02:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nology
    [2008/09/13 00:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Oberon Games
    [2007/04/27 13:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ohana Games
    [2005/08/31 22:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
    [2007/12/24 05:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Orbit
    [2010/05/02 13:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Parisian flowers
    [2009/07/19 10:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Peace Craft
    [2010/08/10 21:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PeaceCraft2
    [2007/10/09 23:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PedestrianEntertainment
    [2009/06/10 19:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PetRush
    [2008/09/08 19:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PetShowCraze
    [2010/09/30 22:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PlayFirst
    [2009/11/14 09:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Playrix Entertainment
    [2010/09/04 13:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Playtinum
    [2010/04/21 01:18:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Pogo
    [2008/12/12 20:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Pogo Games
    [2008/09/07 11:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Purple Patch Games
    [2009/06/20 10:36:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Quintessential Media Player
    [2009/06/07 17:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Reflexive 3 Days Zoo Mystery
    [2010/02/14 14:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\RenPy
    [2008/04/12 14:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Restorer
    [2007/07/28 00:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\RetroRecords
    [2008/01/12 01:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\River Past G5
    [2010/09/09 18:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Roads Of Rome
    [2008/01/26 02:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Runes of Avalon
    [2010/08/13 22:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\RunningPillow
    [2010/10/01 17:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sahmon Games
    [2008/02/23 11:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sandlot Games
    [2007/12/04 00:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sauce
    [2008/01/17 18:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Seven Zip
    [2009/03/10 00:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Shape games
    [2010/02/20 14:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ShinyTales
    [2008/10/29 03:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Skip-Bo
    [2009/01/15 23:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sortasoft
    [2008/05/31 18:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Spinapse
    [2008/03/16 22:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SpinTop
    [2008/05/08 17:45:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sudden Games
    [2008/07/04 09:42:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SulusGames
    [2010/09/24 15:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Supermarket Mania 2
    [2008/08/01 04:21:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
    [2009/02/15 13:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TikGames
    [2008/01/05 23:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Total Eclipse
    [2010/02/10 14:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Trick or Travel
    [2009/04/14 19:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\UClick
    [2008/07/20 20:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\UNOUndercover
    [2007/03/11 15:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\UseNeXT
    [2009/02/14 21:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\V-Games
    [2009/09/06 13:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Valusoft
    [2007/08/03 22:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Viewpoint
    [2010/06/11 02:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ViquaSoft
    [2007/10/28 22:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vso
    [2010/02/24 01:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Western Software Technologies
    [2010/09/15 17:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\World-LooM
    [2010/10/30 09:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Youdagames
    [2007/03/24 19:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ZagZag
    [2007/01/28 04:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Zen Puzzle Garden
    [2008/01/27 18:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Zylom
    [2008/03/07 21:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3 Blokes Studios
    [2007/07/15 13:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Absolutist
    [2008/07/30 16:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
    [2010/09/28 12:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarSouthpoint
    [2010/10/20 09:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
    [2008/01/27 18:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aliasworlds
    [2009/08/08 01:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artist Colony
    [2008/11/08 04:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ascentive
    [2008/12/11 23:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ashtons. Family Resort
    [2008/05/22 23:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astar Games
    [2010/04/29 14:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2009/10/23 15:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
    [2010/03/31 00:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games Vancouver
    [2010/07/26 23:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Splash Games
    [2010/09/15 13:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BlamGames
    [2009/06/03 15:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
    [2009/06/22 22:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CasualForge
    [2010/11/10 20:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cateia Games
    [2007/11/07 14:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CaveDays
    [2006/03/22 16:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chasing Dogs Studios
    [2007/11/23 20:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Christmasville
    [2010/10/16 09:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrioGames
    [2010/05/28 00:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\cupcakecafe
    [2010/03/16 14:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Deadtime Stories
    [2008/06/05 08:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DigitalChocolate
    [2009/01/13 11:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DivoGames
    [2010/09/03 21:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DreamFarm
    [2005/08/31 22:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA
    [2010/06/25 20:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eGames
    [2010/10/11 03:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Enkord
    [2009/02/20 23:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ERS G-Studio
    [2009/05/09 20:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
    [2009/05/09 18:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeFromParadise2
    [2008/09/05 15:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FamilyFlights
    [2009/04/04 22:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Far Mills
    [2010/09/02 18:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Farm Fishes
    [2010/06/11 05:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Farm Frenzy
    [2008/07/02 14:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
    [2009/07/17 16:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
    [2009/11/26 16:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_America
    [2009/12/30 22:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Arctica
    [2010/07/06 01:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Madagascar
    [2010/04/15 18:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3_Russia
    [2008/12/21 20:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzyPizzaParty
    [2008/03/21 13:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fashion Solitaire 1.2
    [2010/03/17 15:49:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fenomen Games
    [2010/10/01 06:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fillup2-daxygames-eng
    [2008/07/17 20:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fitn17
    [2009/01/23 19:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
    [2007/04/16 19:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FloodLightGames
    [2008/06/26 20:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
    [2008/03/17 23:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Friends Games
    [2010/02/28 04:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
    [2008/06/13 17:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
    [2008/06/06 23:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
    [2007/05/20 11:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamelab
    [2010/07/01 16:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamers Digital
    [2010/08/22 19:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\game_fillup_v2_usa
    [2010/03/10 15:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gimagin
    [2007/12/07 22:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
    [2008/06/10 13:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go-Go Gourmet Chef of the Year
    [2010/04/12 21:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GOA
    [2009/06/18 22:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
    [2008/11/10 17:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
    [2008/05/18 14:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii Games
    [2008/12/03 22:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
    [2007/12/05 15:45:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grey Alien Games
    [2008/06/25 10:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
    [2010/03/20 14:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Happyville__
    [2007/12/21 02:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HiddenSecretsDemo3
    [2009/11/17 14:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HideAndSecret3
    [2010/03/31 00:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
    [2008/05/10 12:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hot Lava Games
    [2010/03/25 00:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\incredible express
    [2008/08/31 20:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
    [2009/10/03 15:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Islands
    [2010/06/02 13:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
    [2008/01/14 07:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
    [2008/02/09 05:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
    [2007/08/15 19:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Joyboost
    [2009/08/30 22:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kristanix Games
    [2008/12/04 02:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Launcher
    [2009/03/15 13:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LeeGT-Games
    [2007/04/28 17:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Legacy Interactive
    [2008/03/07 21:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lifetime
    [2008/01/17 10:51:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LucasArts
    [2010/10/12 12:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
    [2009/05/27 14:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mean Hamster
    [2009/11/18 11:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mean Hamster Software
    [2008/06/05 15:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Media Art
    [2008/02/10 05:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Meridian93
    [2009/10/21 01:15:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
    [2010/02/12 02:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom LLC
    [2007/11/16 05:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MinigolfAdventures
    [2009/04/13 22:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MissTeriTale2
    [2010/09/23 22:20:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
    [2009/08/28 08:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
    [2007/04/05 19:43:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
    [2010/04/18 15:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Namco
    [2010/09/16 11:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NatGeoGames
    [2007/12/09 23:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeptunesAdve
    [2008/10/10 12:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NevoSoft Games
    [2008/09/13 00:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
    [2006/04/16 13:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
    [2007/11/09 01:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OberonGames
    [2009/02/13 19:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2006/02/26 23:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
    [2010/09/30 22:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
    [2010/07/10 18:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
    [2007/06/21 10:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playtonium Games
    [2010/04/21 01:18:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pogo
    [2009/07/30 09:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
    [2009/04/18 23:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickClick
    [2008/08/22 12:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Reflexive
    [2009/11/03 14:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\rionix
    [2008/01/12 02:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
    [2010/11/10 20:30:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
    [2008/04/12 14:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScreenSeven
    [2009/05/22 22:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Slapdash Games
    [2007/06/18 00:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SoftTool
    [2009/01/15 23:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sortasoft
    [2008/12/11 23:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sowhat
    [2008/06/04 22:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
    [2009/05/07 17:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprouts Adventure
    [2009/01/22 19:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SugarGames
    [2010/06/12 19:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
    [2009/08/11 21:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperRanch
    [2010/10/30 10:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/06/04 09:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Revills Games
    [2008/07/28 20:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheRace_dev
    [2009/02/15 13:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TikGames
    [2009/04/14 19:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UClick
    [2009/09/06 13:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
    [2010/03/15 22:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vampireville
    [2008/06/14 22:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2008/05/02 11:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualFarm
    [2008/11/11 05:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
    [2009/05/08 13:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XLab
    [2010/08/24 20:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Youdagames
    [2007/03/24 19:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZagZag
    [2007/06/18 00:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZCFuncraft
    [2007/12/14 23:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
    [2010/07/17 23:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{2853BFD5-3865-45EB-A4E3-967D4A9B969A}

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/03/09 20:13:54 | 000,000,000 | ---- | M] () -- C:\AILog.txt
    [2007/09/03 21:36:39 | 000,005,776 | ---- | M] () -- C:\aoedoppl.txt
    [2007/09/03 21:36:39 | 000,002,238 | ---- | M] () -- C:\aoeWVlog.txt
    [2005/08/31 20:28:38 | 000,885,514 | ---- | M] () -- C:\Archos_USB_Drivers_09062005.zip
    [2006/04/12 13:46:08 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
    [2005/01/16 02:06:02 | 000,004,285 | ---- | M] () -- C:\avgun.log
    [2006/04/12 13:43:05 | 000,000,192 | -HS- | M] () -- C:\boot.ini
    [2010/11/14 10:34:54 | 000,017,234 | ---- | M] () -- C:\ComboFix.txt
    [2006/04/12 13:46:08 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
    [2007/11/05 22:33:14 | 000,001,155 | ---- | M] () -- C:\Cucu_Video_log.txt
    [2005/10/07 21:26:02 | 198,777,450 | ---- | M] () -- C:\epox mb drivers.zip
    [2005/03/26 20:40:01 | 000,005,446 | ---- | M] () -- C:\EyeCandyLog.txt
    [2009/09/10 04:51:48 | 000,000,251 | ---- | M] () -- C:\INSTALL.LOG
    [2003/12/02 23:05:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008/03/21 14:30:51 | 000,000,125 | ---- | M] () -- C:\ioSpecial.ini
    [2007/01/28 12:55:48 | 000,001,504 | -H-- | M] () -- C:\IPH.PH
    [2008/01/13 21:58:58 | 005,817,563 | ---- | M] () -- C:\Microburner.log
    [2003/12/02 23:05:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2002/07/24 07:00:00 | 000,034,724 | RHS- | M] () -- C:\NTDETECT.COM
    [2006/04/15 23:11:48 | 000,214,432 | RHS- | M] () -- C:\ntldr
    [2010/11/14 16:14:02 | 1205,862,400 | -HS- | M] () -- C:\pagefile.sys
    [2006/10/11 20:31:37 | 000,000,840 | ---- | M] () -- C:\Profile.xml
    [2007/02/22 11:05:36 | 000,090,112 | ---- | M] () -- C:\Progr_.dll
    [2007/10/24 13:45:40 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\psapi.dll
    [2007/04/12 12:36:07 | 262,144,000 | ---- | M] () -- C:\RCT3_Platinum_DR-Master.part1.exe
    [2007/04/12 12:10:39 | 262,144,000 | ---- | M] () -- C:\RCT3_Platinum_DR-Master.part2.rar
    [2007/04/12 11:45:17 | 194,830,499 | ---- | M] () -- C:\RCT3_Platinum_DR-Master.part3.rar
    [2007/08/29 03:32:20 | 001,265,421 | ---- | M] () -- C:\saida.txt
    [2008/02/29 23:21:42 | 000,000,006 | ---- | M] () -- C:\settings.ini
    [2006/12/16 22:53:26 | 000,000,495 | ---- | M] () -- C:\stub.log
    [2005/10/31 10:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
    [2005/03/20 22:44:22 | 000,008,098 | ---- | M] () -- C:\temp.iff
    [2008/07/13 04:07:46 | 000,004,273 | ---- | M] () -- C:\test.spr
    [2006/10/11 21:40:23 | 005,191,680 | ---- | M] () -- C:\VAEasySilent.exe
    [2010/11/07 19:49:19 | 007,149,074 | ---- | M] () -- C:\winzip.log
    [2009/05/05 23:29:08 | 000,140,416 | ---- | M] () -- C:\YServer.txt
     
  17. 2010/11/14
    brwneyez Inactive Thread Starter

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/04/12 13:45:35 | 000,000,067 | -HS- | M] () -- C:\WINNT\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2001/12/12 23:01:00 | 000,027,836 | ---- | M] (Brother Industries ,Ltd ) -- C:\WINNT\system32\spool\prtprocs\w32x86\BRPP2KA.DLL
    [2003/06/19 14:05:04 | 000,006,928 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\spool\prtprocs\w32x86\sfmpsprt.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/03/18 19:08:28 | 000,001,966 | ---- | M] () -- C:\Program Files\AniRedactor.xml
    [2008/03/18 19:08:28 | 000,001,593 | ---- | M] () -- C:\Program Files\AniRedactorButton.xml
    [2008/03/18 19:08:28 | 000,004,400 | ---- | M] () -- C:\Program Files\AniRedactorButtonOrig.xml
    [2008/03/25 01:16:12 | 035,788,359 | ---- | M] () -- C:\Program Files\assets.ww2
    [2008/03/18 19:08:30 | 000,092,216 | ---- | M] (Un4seen Developments) -- C:\Program Files\bass.dll
    [2008/02/14 19:45:37 | 000,000,356 | ---- | M] () -- C:\Program Files\CardGames2007LocalPref.bin
    [2008/03/25 01:16:12 | 000,532,847 | ---- | M] () -- C:\Program Files\common.ww2
    [2008/02/14 19:36:04 | 000,000,082 | ---- | M] () -- C:\Program Files\config.ini
    [2008/03/18 19:08:32 | 000,000,128 | ---- | M] () -- C:\Program Files\dec_1.psi
    [2008/03/18 19:08:32 | 000,000,128 | ---- | M] () -- C:\Program Files\dec_2.psi
    [2008/03/18 19:08:32 | 000,000,128 | ---- | M] () -- C:\Program Files\dec_3.psi
    [2008/03/18 19:08:32 | 000,000,128 | ---- | M] () -- C:\Program Files\dec_4.psi
    [2008/03/18 19:08:32 | 000,000,128 | ---- | M] () -- C:\Program Files\dec_5.psi
    [2008/03/18 19:08:32 | 000,000,128 | ---- | M] () -- C:\Program Files\dec_6.psi
    [2006/04/12 13:45:16 | 000,000,271 | -H-- | M] () -- C:\Program Files\desktop.ini
    [2008/03/18 19:08:32 | 000,000,294 | ---- | M] () -- C:\Program Files\Elem_Candy_L1.xml
    [2008/03/18 19:08:32 | 000,001,536 | ---- | M] () -- C:\Program Files\Elem_Cream_L1.xml
    [2008/03/18 19:08:32 | 000,001,536 | ---- | M] () -- C:\Program Files\Elem_Cream_L2.xml
    [2008/03/18 19:08:32 | 000,001,537 | ---- | M] () -- C:\Program Files\Elem_Cream_L3.xml
    [2008/03/18 19:08:32 | 000,001,294 | ---- | M] () -- C:\Program Files\Elem_Decor_L1.xml
    [2008/03/18 19:08:32 | 000,000,367 | ---- | M] () -- C:\Program Files\Elem_FirstPlane.xml
    [2008/03/18 19:08:32 | 000,000,424 | ---- | M] () -- C:\Program Files\Elem_Radio_L1.xml
    [2008/03/18 19:08:32 | 000,000,300 | ---- | M] () -- C:\Program Files\Elem_Shelf_L1.xml
    [2008/03/18 19:08:32 | 000,000,889 | ---- | M] () -- C:\Program Files\Elem_Stand_L1.xml
    [2008/03/18 19:08:32 | 000,001,324 | ---- | M] () -- C:\Program Files\Elem_Syrup_L1.xml
    [2008/03/18 19:08:32 | 000,001,324 | ---- | M] () -- C:\Program Files\Elem_Syrup_L2.xml
    [2008/03/18 19:08:32 | 000,001,325 | ---- | M] () -- C:\Program Files\Elem_Syrup_L3.xml
    [2006/04/12 13:45:16 | 000,021,952 | -H-- | M] () -- C:\Program Files\folder.htt
    [2008/03/19 00:52:20 | 001,699,840 | ---- | M] () -- C:\Program Files\IceCream_Mania.exe
    [2008/03/18 19:08:32 | 000,000,663 | ---- | M] () -- C:\Program Files\if_game.xml
    [2008/03/18 19:08:48 | 000,094,208 | ---- | M] (j2k-codec.com) -- C:\Program Files\j2k-codec.dll
    [2008/03/18 19:08:48 | 000,093,696 | ---- | M] (j2k-codec.com) -- C:\Program Files\j2k-control.dll
    [2008/02/14 19:40:07 | 000,001,024 | ---- | M] () -- C:\Program Files\LocalNotes.bin
    [2008/02/14 19:40:07 | 000,000,008 | ---- | M] () -- C:\Program Files\LocalNotes.bin.idx
    [2008/02/14 19:38:48 | 000,000,116 | ---- | M] () -- C:\Program Files\LocalPref.bin
    [2008/03/25 01:15:24 | 000,009,214 | ---- | M] () -- C:\Program Files\main.cs
    [2008/03/18 19:08:48 | 000,019,456 | ---- | M] () -- C:\Program Files\MenuDial_BFly.xml
    [2008/03/18 19:08:48 | 000,002,922 | ---- | M] () -- C:\Program Files\MenuDial_Exit.xml
    [2008/03/18 19:08:48 | 000,001,058 | ---- | M] () -- C:\Program Files\MenuDial_Game.xml
    [2008/03/18 19:08:48 | 000,003,468 | ---- | M] () -- C:\Program Files\MenuDial_Help.xml
    [2008/03/18 19:08:48 | 000,003,621 | ---- | M] () -- C:\Program Files\MenuDial_Opts.xml
    [2008/03/18 19:08:48 | 000,000,696 | ---- | M] () -- C:\Program Files\MenuDial_Pers.xml
    [2008/03/18 19:08:48 | 000,004,349 | ---- | M] () -- C:\Program Files\MenuDial_Rank.xml
    [2008/03/18 19:08:48 | 000,000,790 | ---- | M] () -- C:\Program Files\MenuDial_Tutor.xml
    [2008/03/18 19:08:48 | 000,003,379 | ---- | M] () -- C:\Program Files\MenuDial_Wave.xml
    [2008/03/18 19:08:48 | 000,019,467 | ---- | M] () -- C:\Program Files\MenuPage_Cred.xml
    [2008/03/18 19:08:48 | 000,080,565 | ---- | M] () -- C:\Program Files\MenuPage_Done.xml
    [2008/03/18 19:08:48 | 000,002,783 | ---- | M] () -- C:\Program Files\MenuPage_Fail.xml
    [2008/03/18 19:08:48 | 000,011,641 | ---- | M] () -- C:\Program Files\MenuPage_Krab.xml
    [2008/03/18 19:08:48 | 000,008,686 | ---- | M] () -- C:\Program Files\MenuPage_Load.xml
    [2008/03/18 19:08:48 | 000,002,155 | ---- | M] () -- C:\Program Files\MenuPage_Logo1.xml
    [2008/03/18 19:08:48 | 000,013,414 | ---- | M] () -- C:\Program Files\MenuPage_Logo2.xml
    [2008/03/18 19:08:50 | 000,029,271 | ---- | M] () -- C:\Program Files\MenuPage_Main.xml
    [2008/03/18 19:08:50 | 000,007,672 | ---- | M] () -- C:\Program Files\MenuPage_Pers.xml
    [2008/03/18 19:08:50 | 000,000,590 | ---- | M] () -- C:\Program Files\MenuPage_Pics.xml
    [2008/03/18 19:08:50 | 000,112,278 | ---- | M] () -- C:\Program Files\MenuPage_Star.xml
    [2008/02/14 19:39:02 | 000,000,028 | ---- | M] () -- C:\Program Files\MP3Directory.txt
    [2008/03/18 19:08:50 | 000,000,435 | ---- | M] () -- C:\Program Files\Object_Candy.xml
    [2008/03/18 19:08:50 | 000,000,251 | ---- | M] () -- C:\Program Files\Object_Cream.xml
    [2008/03/18 19:08:50 | 000,001,937 | ---- | M] () -- C:\Program Files\Object_Glass_01.xml
    [2008/03/18 19:08:50 | 000,001,939 | ---- | M] () -- C:\Program Files\Object_Glass_02.xml
    [2008/03/18 19:08:50 | 000,001,937 | ---- | M] () -- C:\Program Files\Object_Glass_03.xml
    [2008/03/18 19:08:50 | 000,001,938 | ---- | M] () -- C:\Program Files\Object_Glass_04.xml
    [2008/03/18 19:08:50 | 000,000,221 | ---- | M] () -- C:\Program Files\Object_Think.xml
    [2008/03/23 01:40:06 | 000,086,016 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Program Files\OpenAL32.dll
    [2008/03/18 19:08:50 | 000,000,128 | ---- | M] () -- C:\Program Files\particle_cream.psi
    [2008/03/18 19:08:50 | 000,000,128 | ---- | M] () -- C:\Program Files\particle_expert.psi
    [2008/03/18 19:08:50 | 000,000,128 | ---- | M] () -- C:\Program Files\particle_money.psi
    [2008/03/18 19:08:50 | 000,000,128 | ---- | M] () -- C:\Program Files\particle_note_angry.psi
    [2008/03/18 19:08:50 | 000,000,128 | ---- | M] () -- C:\Program Files\particle_note_nice.psi
    [2008/03/18 19:08:50 | 000,000,128 | ---- | M] () -- C:\Program Files\particle_syrop_ch.psi
    [2008/03/18 19:08:50 | 000,000,128 | ---- | M] () -- C:\Program Files\particle_syrop_cr.psi
    [2008/03/18 19:08:50 | 000,000,128 | ---- | M] () -- C:\Program Files\particle_syrop_roz.psi
    [2008/02/14 19:39:25 | 000,000,014 | ---- | M] () -- C:\Program Files\RDCG2007LastPlayerInfo.cfg
    [2008/03/18 19:08:50 | 000,023,362 | ---- | M] () -- C:\Program Files\Screen_Progress.xml
    [2008/03/18 19:08:50 | 000,026,151 | ---- | M] () -- C:\Program Files\Screen_ProgStar.xml
    [2008/03/18 19:08:50 | 000,005,848 | ---- | M] () -- C:\Program Files\Screen_Upgrades.xml
    [2008/03/18 19:08:50 | 000,000,779 | ---- | M] () -- C:\Program Files\Screen_UpgrDial.xml
    [2008/03/18 19:08:50 | 000,003,396 | ---- | M] () -- C:\Program Files\Screen_UpgrHelp.xml
    [2008/03/18 19:08:50 | 000,000,566 | ---- | M] () -- C:\Program Files\Screen_UpgrWarn.xml
    [2008/05/01 12:53:27 | 000,000,028 | ---- | M] () -- C:\Program Files\Sims2Pack Clean Installer.ini
    [2008/03/18 19:08:54 | 000,000,128 | ---- | M] () -- C:\Program Files\syr_1.psi
    [2008/03/18 19:08:54 | 000,000,128 | ---- | M] () -- C:\Program Files\syr_2.psi
    [2008/03/18 19:08:54 | 000,000,128 | ---- | M] () -- C:\Program Files\syr_3.psi
    [2008/03/27 22:15:43 | 000,000,000 | ---- | M] () -- C:\Program Files\temp01
    [2008/03/18 19:08:54 | 000,018,910 | ---- | M] () -- C:\Program Files\Troofy_Room.xml
    [2008/03/23 01:40:08 | 000,258,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\unicows.dll
    [2008/03/25 10:38:36 | 006,488,064 | ---- | M] () -- C:\Program Files\Westward2.exe
    [2008/03/25 01:15:46 | 000,365,964 | ---- | M] () -- C:\Program Files\Westward2_00.data
    [2008/03/23 01:40:12 | 000,262,144 | ---- | M] (Creative Labs) -- C:\Program Files\wrap_oal.dll

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/04/12 09:35:39 | 000,409,600 | ---- | M] () -- C:\WINNT\system32\config\default.sav
    [2006/04/12 13:28:41 | 000,028,672 | ---- | M] () -- C:\WINNT\system32\config\security.sav
    [2006/04/12 09:35:39 | 014,372,864 | ---- | M] () -- C:\WINNT\system32\config\software.sav
    [2006/04/12 09:35:42 | 004,788,224 | ---- | M] () -- C:\WINNT\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

    < %USERPROFILE%\Desktop\*.exe >
    [2010/11/13 16:57:53 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\19cc64g9.exe
    [2010/07/26 09:44:22 | 000,333,824 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\cacaoweb.exe
    [2010/11/13 21:40:43 | 003,909,080 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2010/11/13 16:13:44 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe
    [2010/11/13 17:17:44 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe
    [2010/11/14 16:37:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/11/13 15:31:21 | 002,759,838 | ---- | M] (Topala Software Solutions ) -- C:\Documents and Settings\Administrator\Desktop\siw-setup.exe
    [2010/11/13 16:00:34 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >
    [2007/08/05 00:00:15 | 000,000,303 | ---- | M] () -- C:\WINNT\java\javalog.txt

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2002/07/24 07:00:00 | 000,000,777 | ---- | M] () -- C:\WINNT\addins\faxext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >
    [2002/07/24 07:00:00 | 000,000,654 | ---- | M] () -- C:\WINNT\Config\general.idf
    [2002/07/24 07:00:00 | 000,000,658 | ---- | M] () -- C:\WINNT\Config\hindered.idf
    [2002/07/24 07:00:00 | 000,000,302 | ---- | M] () -- C:\WINNT\Config\msadlib.idf

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2006/04/15 23:17:55 | 000,000,083 | -HS- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2006/04/15 23:17:31 | 000,002,370 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    Amelies Cafe Halloween Uninstaller.exe
    Luxury Liner Tycoon Uninstaller.exe
    Rare Treasures - Dinnerware Trading Company Uninstaller.exe

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/11/14 16:41:23 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Administrator\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2002/12/11 15:08:28 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINNT\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Files - Unicode (All) ==========

    ========== Alternate Data Streams ==========


    < End of report >
     
  18. 2010/11/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You posted partial OTL.txt log twice.
    I need a whole log.
     
  19. 2010/11/14
    broni

    Disregard my previous message. I got it now.
     
  20. 2010/11/14
    broni

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

      Code:
      :OTL
      IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = 127.0.0.1
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - Reg Error: Key error. File not found
      O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - Reg Error: Key error. File not found
      O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file://C:\WINNT\Downloaded Program Files\stg_drm.ocx (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
      O18 - Protocol\Handler\bt2 {1730B77B-F429-498f-9B15-4514D83C8294} - Reg Error: Key error. File not found
      [2007/08/03 22:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Viewpoint
      [2008/06/14 22:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:83EAC886
      @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:47A24D4B
      @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17BBEBBB
      @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC7738DB
      @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:501D1A8D
      @Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B6285236
      @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDC42529
      @Alternate Data Stream - 85 bytes -> C:\Documents and Settings\All Users\Desktop:$SS_DESCRIPTOR_PVF2VCGFMVF9K8N4TKBRVDNGCMXLJ4M28WLP36MLL0WM6WEHS9E5XL94D1U8LL3TLVXGVMVKJVR4KK
      @Alternate Data Stream - 85 bytes -> C:\Documents and Settings\All Users\Desktop:$SS_DESCRIPTOR_PVF2VCGFMVF9K8N4TKBRVDNGCMPLJ4M9YWLP9TMLPH8KC8EHPGJ7XL94D1U8LL3TLVXGVMVKJVR4KK
      @Alternate Data Stream - 85 bytes -> C:\Documents and Settings\All Users\Desktop:$SS_DESCRIPTOR_PBPUV9VF9V89FVNFDG435L69EKPTJCK92F21JCLF14MVVWVPRVAL
      @Alternate Data Stream - 85 bytes -> C:\Documents and Settings\All Users\Desktop:$SS_DESCRIPTOR_LBP5VNGKGVP9VLS4NMVHVPM4PMLRJ6TVSVLMHKX
      @Alternate Data Stream - 85 bytes -> C:\Documents and Settings\All Users\Application Data:$SS_DESCRIPTOR_PVF2VCGFMVF9K8N4TKBRVDNGCMXLJ4M28WLP36MLL0WM6WEHS9E5XL94D1U8LL3TLVXGVMVKJVR4KK
      @Alternate Data Stream - 85 bytes -> C:\Documents and Settings\All Users\Application Data:$SS_DESCRIPTOR_PVF2VCGFMVF9K8N4TKBRVDNGCMPLJ4M9YWLP9TMLPH8KC8EHPGJ7XL94D1U8LL3TLVXGVMVKJVR4KK
      @Alternate Data Stream - 85 bytes -> C:\Documents and Settings\All Users\Application Data:$SS_DESCRIPTOR_PBPUV9VF9V89FVNFDG435L69EKPTJCK92F21JCLF14MVVWVPRVAL
      @Alternate Data Stream - 85 bytes -> C:\Documents and Settings\All Users\Application Data:$SS_DESCRIPTOR_LBP5VNGKGVP9VLS4NMVHVPM4PMLRJ6TVSVLMHKX
      @Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:96EE29A3
      @Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D
      @Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AA21473
      @Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:084B0270
      @Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF54F1CA
      @Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F59E8EA
      @Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:055BB719
      @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E4FBF8BD
      @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C243D9EC
      @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BD999CC4
      @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7EE43C06
      @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF9BF410
      @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1023D41
      @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CFB01D2B
      @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA408F93
      @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18BFD8F8
      @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04BB186B
      @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7EB8837A
      @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:87457337
      @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4DDCE10B
      @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC999E2A
      @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1CD17F9
      @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:87FA5E8A
      @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D6385BFB
      @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:64FABDFB
      @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A26AFC00
      @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
      @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F2CEC0E8
      @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D31A2B3E
      @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43E0EC8A
      @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:348A3734
      @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3009D153
      @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADDDF689
      @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9D3E3E8
      @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D26DD363
      @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:608E875A
      @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3118E26B
      @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B7E8561
      @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:040E11E4
      @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:026CBA8C
      @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:417B6FAC
      @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8E29393
      @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69E3AF64
      @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FB3F92A
      @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97C84299
      @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6CEC50B4
      @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BF0805F
      @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:543CAD1B
      @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C213B3C4
      @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB1C1865
      @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F96ED45
      @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1F85068
      @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42AFF263
      @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:248418FF
      @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89C6F032
      @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E224648
      @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:991838E5
      @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89C2A42C
      @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:097FF903
      @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45F3AD49
      @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:64FFFDC8
      @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4DB6559B
      @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D19638E
      @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:442CBC07
      @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:717085FD
      @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E40EED9B
      @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FE4ED5A
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warnings, so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  21. 2010/11/14
    brwneyez Inactive Thread Starter

    Results of screen317's Security Check version 0.99.5
    Windows 2000 Service Pack 4
    Internet Explorer 6 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    AVG Free 9.0
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Winferno Registry Power Cleaner
    Apycom Java Menus and Buttons
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.1.85.3
    Adobe Reader 8.1.6
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.12) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    nslookup.exe missing!

    ``````````End of Log````````````

    All processes killed
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ not found.
    File 5D8-163E-4189-86FC-45022AB2B6C9} file://C:\WINNT\Downloaded Program Files\stg_drm.ocx not found.
    Starting removal of ActiveX control {149E45D8-163E-4189-86FC-45022AB2B6C9}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{149E45D8-163E-4189-86FC-45022AB2B6C9}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{149E45D8-163E-4189-86FC-45022AB2B6C9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{149E45D8-163E-4189-86FC-45022AB2B6C9}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{149E45D8-163E-4189-86FC-45022AB2B6C9}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{149E45D8-163E-4189-86FC-45022AB2B6C9}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    File Animation Java Classes file://C:\WINNT\Java\classes\dajava.cab not found.
    Starting removal of ActiveX control DirectAnimation Java Classes
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
    File oft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bt2\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1730B77B-F429-498f-9B15-4514D83C8294}\ deleted successfully.
    File {1730B77B-F429-498f-9B15-4514D83C8294} - Reg Error: Key error. File not found not found.
    C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources folder moved successfully.
    C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player folder moved successfully.
    C:\Documents and Settings\Administrator\Application Data\Viewpoint folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
    Unable to delete ADS C:\Documents and Settings\All Users\Desktop:$SS_DESCRIPTOR_PVF2VCGFMVF9K8N4TKBRVDNGCMXLJ4M28WLP36MLL0WM6W EHS9E5XL94D1U8LL3TLVXGVMVKJVR4KK .
    Unable to delete ADS C:\Documents and Settings\All Users\Desktop:$SS_DESCRIPTOR_PVF2VCGFMVF9K8N4TKBRVDNGCMPLJ4M9YWLP9TMLPH8KC8 EHPGJ7XL94D1U8LL3TLVXGVMVKJVR4KK .
    Unable to delete ADS C:\Documents and Settings\All Users\Desktop:$SS_DESCRIPTOR_PBPUV9VF9V89FVNFDG435L69EKPTJCK92F21JCLF14MVVW VPRVAL .
    ADS C:\Documents and Settings\All Users\Desktop:$SS_DESCRIPTOR_LBP5VNGKGVP9VLS4NMVHVPM4PMLRJ6TVSVLMHKX deleted successfully.
    Unable to delete ADS C:\Documents and Settings\All Users\Application Data:$SS_DESCRIPTOR_PVF2VCGFMVF9K8N4TKBRVDNGCMXLJ4M28WLP36MLL0WM6WEHS9E5XL9 4D1U8LL3TLVXGVMVKJVR4KK .
    Unable to delete ADS C:\Documents and Settings\All Users\Application Data:$SS_DESCRIPTOR_PVF2VCGFMVF9K8N4TKBRVDNGCMPLJ4M9YWLP9TMLPH8KC8EHPGJ7XL9 4D1U8LL3TLVXGVMVKJVR4KK .
    ADS C:\Documents and Settings\All Users\Application Data:$SS_DESCRIPTOR_PBPUV9VF9V89FVNFDG435L69EKPTJCK92F21JCLF14MVVWVPRVAL deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data:$SS_DESCRIPTOR_LBP5VNGKGVP9VLS4NMVHVPM4PMLRJ6TVSVLMHKX deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 9279106 bytes
    ->Temporary Internet Files folder emptied: 107727 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 75288766 bytes
    ->Flash cache emptied: 975 bytes

    User: All Users

    User: Application Data

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: My Documents

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: shell32.dll unable to determine bytes removed.

    Total Files Cleaned = 81.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Application Data

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: My Documents

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 11142010_174611

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
