Unresponsive script

peem · July 10, 2012

Ok before I phone them I've just checked my account with them on their site. It says I have used 1.37gb of my 10gb allowance this month. Just thought I'd mention it. :)

KenB · July 10, 2012

after about 1/2 an hour, to start behaving itself and go zipping along?

I would say not.

If the ISP has not limited your account - and 1.37 GB of 10GB is nowhere near overusing - there has to be another reason.

Have you tried switching the router off -leave for 1 minute - switch on again.

Also - I don't know if you answered this earlier ............is this a wireless connection?

peem · July 10, 2012

I tried the router thing a while ago. No difference. I'll try again later as I have to go out soon.

No it not wireless.

KenB · July 10, 2012

No it not wireless.

I can see there being problems if it WAS wireless - but an ethernet ( wired ) connection is usually stable.

Let me know how re-setting the router goes.

peem · July 24, 2012

Well I'm back again, how I don't know. I couldn't get into this site. A message popped up telling me the moderator had stopped my IP address, or something like that. I replied asking why, I got no answer but it has let me back in now.

Think I'm going to chuck this machine out of the window!!!!!!:mad:

Things I've done since I last spoke to you. I wrote them down and now I cant find the notebook. So from memory,

I did that, "Use hardware acceleration when available" thing that Nev suggested. Still the same.

Rang my ISP, they said they had not put any restrictions on my usage. They said other things also but these are in my magically disappearing notebook.

Opened Task Manager to see if there was anything running extremely high CPU. Only thing high was CoreServiceShell, which I've found is related to my Trend Micro Titanium av. That soon settled down but the problems continued. As a thought, taskmanager itself is taking up to three minutes to appear, (Ctrl>Alt>delete), so I wonder if whatever is slowing me down or sending the pop-ups is not appearing in TM when it evenyually opens? Oh sometimes there are multiple TM's opening.

Opened FF in 'Safe Mode' with everything switched off so to speak. A lot better but still trudgey.

Opened the tower and cleaned it out. Quieter but still the same problems.

Upped the integer number to 40 as the pop-up was appearing often again. It made no difference. Should I put it back to zero do you think?

I think that is all (memory (mine)is not as good as I would like) that I've done.

Hope I can get back here when I next try. :)

peem · July 24, 2012

Oh yes, re-setting the router didn't work either.

Starbuck · July 24, 2012

Hi Peem,

Let's get a better look at your system.

The report may well show us a reason for all this.

This program is not for just finding malware, it tells us a lot about your system.

Download OTL to your desktop.
If using Firefox ..right click on the link and select 'Save Link/Target As'.

if you have problems, try this download link:
OTL
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check

.

http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png

Now copy the lines in bold below.

netsvcs

msconfig

%SYSTEMDRIVE%\*.*

%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\system32\*.exe /lockedfiles

%systemroot%\System32\config\*.sav

%PROGRAMFILES%\*

%USERPROFILE%\..|smtmp;true;true;true /FP

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

hklm\software\clients\startmenuinternet|command /rs

hklm\software\clients\startmenuinternet|command /64 /rs

CREATERESTOREPOINT

right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
.
Click the Run Scan button.

http://img.photobucket.com/albums/v708/starbuck50/runscan.png
Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

Please let us have both reports.

Thanks.

peem · July 24, 2012

Hello Starbuck.

Cowardice strikes!!!!

I clicked on both those links and got a 'red' warning from Trend Micro. Stupid question now, is it safe?

Starbuck · July 25, 2012

Yes it's perfectly safe.

If your AV keeps trying to stop OTL, just disable the AV.

peem · July 25, 2012

First report.

OTL logfile created on: 25/07/2012 16:11:12 - Run 1

OTL by OldTimer - Version 3.2.54.1 Folder = C:\Documents and Settings\Compaq_Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

446.48 Mb Total Physical Memory | 255.84 Mb Available Physical Memory | 57.30% Memory free

1.35 Gb Paging File | 1.18 Gb Available in Paging File | 87.47% Paging File free

Paging file location(s): C:\pagefile.sys 1000 1800 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 142.07 Gb Total Space | 96.09 Gb Free Space | 67.63% Space Free | Partition Type: NTFS

Drive D: | 6.96 Gb Total Space | 3.53 Gb Free Space | 50.74% Space Free | Partition Type: FAT32

Computer Name: PETER | User Name: Compaq_Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Compaq_Owner\desktop\OTL.scr (OldTimer Tools)

PRC - C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe (Trend Micro Inc.)

PRC - C:\Program Files\BlazeVideo\BlazeHDAV 6.0\MediaDetector.exe (BlazeVideo Company)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\BlazeVideo\BlazeHDAV 6.0\RemoteControl\AF9100EXRC.dll ()

MOD - C:\Program Files\BlazeVideo\BlazeHDAV 6.0\VersionInfo.dll ()

MOD - C:\Program Files\BlazeVideo\BlazeHDAV 6.0\mlutil.dll ()

MOD - C:\Program Files\BlazeVideo\BlazeHDAV 6.0\MMKeyboardHook.dll ()

MOD - C:\WINDOWS\system32\devenum.dll ()

========== Win32 Services (SafeList) ==========

SRV - (SbieSvc) -- File not found

SRV - (gusvc) -- File not found

SRV - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe File not found

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)

SRV - (Sony PC Companion) -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)

SRV - (EASEUS Agent) -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)

SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()

SRV - (spupdsvc) -- C:\WINDOWS\system32\spupdsvc.exe (Microsoft Corporation)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

========== Driver Services (SafeList) ==========

DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found

DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)

DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)

DRV - (KeyScrambler) -- C:\WINDOWS\system32\drivers\keyscrambler.sys (QFX Software Corporation)

DRV - (tmnciesc) -- C:\WINDOWS\system32\drivers\tmnciesc.sys (Trend Micro Inc.)

DRV - (tmtdi) -- C:\WINDOWS\system32\drivers\tmtdi.sys (Trend Micro Inc.)

DRV - (tmeext) -- C:\WINDOWS\system32\drivers\tmeext.sys (Trend Micro Inc.)

DRV - (tmactmon) -- C:\WINDOWS\system32\drivers\tmactmon.sys (Trend Micro Inc.)

DRV - (tmevtmgr) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys (Trend Micro Inc.)

DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)

DRV - (Soluto) -- C:\WINDOWS\system32\drivers\Soluto.sys (Soluto LTD.)

DRV - (EUFS) -- C:\WINDOWS\system32\drivers\eufs.sys (CHENGDU YIWO Tech Development Co., Ltd)

DRV - (EUDSKACS) -- C:\WINDOWS\system32\drivers\eudskacs.sys (CHENGDU YIWO Tech Development Co., Ltd)

DRV - (EUBAKUP) -- C:\WINDOWS\system32\drivers\eubakup.sys (CHENGDU YIWO Tech Development Co., Ltd)

DRV - (EuDisk) -- C:\WINDOWS\system32\drivers\EuDisk.sys (CHENGDU YIWO Tech Development Co., Ltd)

DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)

DRV - (UnlockerDriver5) -- C:\Program Files\Unlocker\UnlockerDriver5.sys ()

DRV - (s0016unic) -- C:\WINDOWS\system32\drivers\s0016unic.sys (MCCI Corporation)

DRV - (s0016nd5) -- C:\WINDOWS\system32\drivers\s0016nd5.sys (MCCI Corporation)

DRV - (s0016mdfl) -- C:\WINDOWS\system32\drivers\s0016mdfl.sys (MCCI Corporation)

DRV - (s0016mdm) -- C:\WINDOWS\system32\drivers\s0016mdm.sys (MCCI Corporation)

DRV - (s0016mgmt) -- C:\WINDOWS\system32\drivers\s0016mgmt.sys (MCCI Corporation)

DRV - (s0016obex) -- C:\WINDOWS\system32\drivers\s0016obex.sys (MCCI Corporation)

DRV - (s0016bus) -- C:\WINDOWS\system32\drivers\s0016bus.sys (MCCI Corporation)

DRV - (BANTExt) -- C:\WINDOWS\system32\drivers\BANTExt.sys ()

DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)

DRV - (pxark) -- C:\WINDOWS\system32\drivers\pxark.sys ()

DRV - (s116unic) -- C:\WINDOWS\system32\drivers\s116unic.sys (MCCI Corporation)

DRV - (s116obex) -- C:\WINDOWS\system32\drivers\s116obex.sys (MCCI Corporation)

DRV - (s116nd5) -- C:\WINDOWS\system32\drivers\s116nd5.sys (MCCI Corporation)

DRV - (s116mgmt) -- C:\WINDOWS\system32\drivers\s116mgmt.sys (MCCI Corporation)

DRV - (s116mdm) -- C:\WINDOWS\system32\drivers\s116mdm.sys (MCCI Corporation)

DRV - (s116mdfl) -- C:\WINDOWS\system32\drivers\s116mdfl.sys (MCCI Corporation)

DRV - (s116bus) -- C:\WINDOWS\system32\drivers\s116bus.sys (MCCI Corporation)

DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)

DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)

DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)

DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)

DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )

DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)

DRV - (alcan5wn) -- C:\WINDOWS\system32\drivers\alcan5wn.sys (THOMSON)

DRV - (alcaudsl) -- C:\WINDOWS\system32\drivers\alcaudsl.sys (THOMSON)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\SearchScopes,DefaultScope = {8F88DF84-1BCC-45E8-BFF0-364E242754A2}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw={searchTerms}&tbid=60287

IE - HKCU\..\SearchScopes\{4E91CFEE-0092-46B3-A3F1-2362637803E2}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{5E33B7A8-4A5B-4564-82D6-179580FF0CC4}: "URL" = http://www.ironicsans.com/thsrs/?q={searchTerms}

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{7F023085-3242-46B3-8F9A-CE7DFE7361B1}: "URL" = http://uk.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir&dm=all

IE - HKCU\..\SearchScopes\{8F88DF84-1BCC-45E8-BFF0-364E242754A2}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7HPEA

IE - HKCU\..\SearchScopes\{BE56696E-DEAD-4124-9517-32531F3C581E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7HPEA_en

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "DuckDuckGo"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.dogpile.com/"

FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3

FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1

FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81

FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1.1

FF - prefs.js..extensions.enabledItems: keyscrambler@qfx.software.corporation:2.7.1.0

FF - prefs.js..extensions.enabledItems: ietab@ip.cn:1.98.20110322

FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {2458abc0-f443-11dd-87af-0800200c9a66}:3.6.3.1.03.04.10

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@SuperAdBlocker.com/sabffx: C:\WINDOWS\system32\SuperAdBlocker.com\npsabffx.dll ( )

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

FF - HKCU\Software\MozillaPlugins\@SuperAdBlocker.com/sabffx: C:\WINDOWS\system32\SuperAdBlocker.com\npsabffx.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\firefoxextension [2012/07/21 15:25:39 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012/06/19 19:40:04 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/21 08:41:46 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/11 17:42:22 | 000,000,000 | ---D | M]

[2010/04/29 11:14:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions

[2010/04/29 11:14:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2012/06/27 11:43:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jg2msdps.default\extensions

[2012/04/30 15:55:40 | 000,000,000 | ---D | M] (Blue Fox) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jg2msdps.default\extensions\{241aae70-0022-11de-87af-0800200c9a66}

[2012/05/22 20:22:05 | 000,000,000 | ---D | M] (Bloody Red) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jg2msdps.default\extensions\{2458abc0-f443-11dd-87af-0800200c9a66}

[2012/05/18 20:10:56 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jg2msdps.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2012/06/15 13:03:18 | 000,000,000 | ---D | M] (DoNotTrackPlus) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jg2msdps.default\extensions\donottrackplus@abine.com

[2010/12/10 23:57:58 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jg2msdps.default\extensions\en-GB@dictionaries.addons.mozilla.org

[2012/03/13 16:38:47 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jg2msdps.default\extensions\keyscrambler@qfx.software.corporation

[2010/07/28 15:15:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\tf9yxupn.peterm\extensions

[2012/02/18 19:44:54 | 000,001,976 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jg2msdps.default\searchplugins\duckduckgo.xml

[2012/02/14 15:12:33 | 000,001,692 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jg2msdps.default\searchplugins\quinturacom.xml

[2012/02/13 18:47:47 | 000,001,618 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\jg2msdps.default\searchplugins\scroogle-ssl.xml

[2012/01/30 14:25:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/01/30 13:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions(2)

[2012/01/23 19:08:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)

[2012/06/21 08:41:46 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/06/21 08:41:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/06/21 08:41:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t

CHR - default_search_provider: suggest_url = http://suggestqueries.google.com/complete/search?q={searchTerms},

CHR - homepage: http://www.google.com/

CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\17.0.963.2\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\17.0.963.2\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\17.0.963.2\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 7 U3 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll

CHR - plugin: SuperAdBlocker FireFox Plugin (Enabled) = C:\WINDOWS\system32\SuperAdBlocker.com\npsabffx.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Atmosphere Theme = C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajacjnocjbnkbokipcbfcmlojciklfbi\1.2_0\

CHR - Extension: Google Search = C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\

CHR - Extension: WOT = C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\goinjpofmboaejkhflohjoloaoebfopj\1.2.10_0\

O1 HOSTS File: ([2009/03/23 10:55:53 | 000,000,686 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)

O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)

O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.

O2 - BHO: (no name) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - No CLSID value found.

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (no name) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {71AAABE5-1F0F-11D7-BD6F-004854603DCE} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()

O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)

O4 - HKCU..\Run: [blazeServoTool] C:\Program Files\BlazeVideo\BlazeHDAV 6.0\MediaDetector.exe (BlazeVideo Company)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 01 00 00 00 [binary data]

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = [binary data]

O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)

O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()

O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A545EDF-3EBE-41C5-B268-01AB4F12860F}: DhcpNameServer = 15.243.128.51 15.243.160.51

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9001E5C9-001C-47B9-9B64-1926351A4868}: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found

O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)

O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)

O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)

O18 - Protocol\Handler\wot - No CLSID value found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - File not found

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 () -

O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/11/09 21:20:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2004/04/30 23:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "JavaQuickStarterService"

MsConfig - Services: "IDriverT"

MsConfig - Services: "gusvc"

MsConfig - Services: "gupdatem"

MsConfig - Services: "EASEUS Agent"

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk.disabled - Reg Error: Value error. - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe - (Hewlett-Packard Co.)

MsConfig - StartUpFolder: C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Dropbox.lnk - C:\Documents and Settings\Compaq_Owner\Application Data\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)

MsConfig - StartUpFolder: C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Internet.lnk - - File not found

MsConfig - StartUpReg: Ad-Watch - hkey= - key= - Reg Error: Value error. File not found

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: ATIPTA - hkey= - key= - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)

MsConfig - StartUpReg: AVG7_CC - hkey= - key= - Reg Error: Value error. File not found

MsConfig - StartUpReg: BOC-423 - hkey= - key= - Reg Error: Value error. File not found

MsConfig - StartUpReg: BOC-425 - hkey= - key= - Reg Error: Value error. File not found

MsConfig - StartUpReg: COMODO Firewall Pro - hkey= - key= - Reg Error: Value error. File not found

MsConfig - StartUpReg: EaseUs Watch - hkey= - key= - C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)

MsConfig - StartUpReg: EPSON SX235 Series - hkey= - key= - File not found

MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)

MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

MsConfig - StartUpReg: iTunesHelper - hkey= - key= - Reg Error: Value error. File not found

MsConfig - StartUpReg: MSC - hkey= - key= - File not found

MsConfig - StartUpReg: MsnMsgr - hkey= - key= - Reg Error: Value error. File not found

MsConfig - StartUpReg: QuickTime Task - hkey= - key= - Reg Error: Value error. File not found

MsConfig - StartUpReg: SandboxieControl - hkey= - key= - Reg Error: Value error. File not found

MsConfig - StartUpReg: SpywareTerminator - hkey= - key= - Reg Error: Value error. File not found

MsConfig - StartUpReg: STManager - hkey= - key= - Reg Error: Value error. File not found

MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

MsConfig - StartUpReg: Trend Micro Titanium - hkey= - key= - C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)

MsConfig - StartUpReg: UnlockerAssistant - hkey= - key= - C:\Program Files\Unlocker\UnlockerAssistant.exe ()

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 2

MsConfig - State: "startup" - 2

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/25 16:06:35 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.scr

[2012/07/23 17:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\New Folder

[2012/07/19 11:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\BlazeVideo

[2012/07/19 11:34:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BlazeVideo

[2012/07/19 11:34:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BlazeHDAV 6.0

[2012/07/19 11:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\BlazeVideo

[2012/07/15 19:46:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Sony Mobile

[2012/07/15 19:46:21 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01009.dll

[2012/07/15 19:44:20 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Mobile

[2012/07/13 18:40:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Recent

[2012/07/12 13:05:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\Dropbox

[2012/07/12 12:58:41 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox

[2012/07/12 12:57:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Dropbox

[2012/07/12 12:55:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Dropbox

[2012/07/08 14:07:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/07/08 14:07:23 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/07/08 14:07:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/08/07 17:26:20 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe4.dll

[44 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[2 C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.tmp -> ]

[114 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/25 16:06:53 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.scr

[2012/07/25 15:20:07 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat

[2012/07/25 15:19:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/07/24 18:10:06 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/07/21 15:21:18 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/07/20 19:17:16 | 000,000,281 | -HS- | M] () -- C:\boot.ini

[2012/07/19 11:34:22 | 000,000,014 | ---- | M] () -- C:\WINDOWS\System32\SysInfo_6.dll

[2012/07/19 11:31:41 | 000,000,824 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\.recently-used.xbel

[2012/07/17 14:49:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/07/17 14:49:14 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2012/07/17 14:49:12 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2012/07/17 10:38:17 | 000,001,757 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sony PC Companion 2.1.lnk

[2012/07/17 10:30:24 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggflt_01009.Wdf

[2012/07/17 10:30:23 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggsemc_01009.Wdf

[2012/07/17 10:30:20 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2012/07/15 19:46:47 | 000,000,906 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Update Service.lnk

[2012/07/15 19:46:19 | 001,461,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01009.dll

[2012/07/15 19:46:19 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggsemc.sys

[2012/07/15 19:46:19 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggflt.sys

[2012/07/15 19:42:58 | 042,259,496 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Update_Service_Setup-2.12.8.23.exe

[2012/07/12 18:18:45 | 000,000,032 | ---- | M] () -- C:\WINDOWS\Menu.INI

[2012/07/12 09:51:54 | 000,286,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/07/01 18:29:22 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggflt_01007.Wdf

[44 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[114 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/21 15:17:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/07/19 11:34:22 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SysInfo_6.dll

[2012/07/19 11:31:41 | 000,000,824 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\.recently-used.xbel

[2012/07/17 10:30:24 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggflt_01009.Wdf

[2012/07/17 10:30:23 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggsemc_01009.Wdf

[2012/07/17 10:30:20 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2012/07/15 19:46:47 | 000,000,906 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Update Service.lnk

[2012/07/15 19:42:20 | 042,259,496 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Update_Service_Setup-2.12.8.23.exe

[2012/07/01 18:29:22 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggflt_01007.Wdf

[2012/06/09 18:36:53 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\SupportTool.exe.bat

[2012/06/07 16:33:47 | 121,907,174 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\autorun backup.reg

[2012/05/25 14:57:57 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI

[2012/05/13 18:56:19 | 000,161,608 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2012/02/15 19:39:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011/12/05 23:04:00 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll

[2011/12/05 23:03:52 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll

[2011/06/09 12:53:18 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc

[2011/04/26 09:55:14 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\EUOD.DAT

[2011/03/11 13:32:29 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini

[2011/03/11 13:32:21 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini

[2010/11/08 15:20:15 | 000,053,812 | ---- | C] () -- C:\WINDOWS\uninst-vj.exe

[2008/10/06 16:28:35 | 000,000,199 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\ie.reg

[2008/03/03 21:54:30 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\mypage.htm

[2006/06/02 15:31:19 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/04/05 20:09:04 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat

[2006/01/14 14:25:43 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat

[2001/11/25 15:34:56 | 000,004,942 | ---- | C] () -- C:\Program Files\sixteen.wav

[2001/11/25 15:34:56 | 000,003,916 | ---- | C] () -- C:\Program Files\six.wav

[2001/11/25 15:34:54 | 000,005,064 | ---- | C] () -- C:\Program Files\seventeen.wav

[2001/11/25 15:34:54 | 000,003,740 | ---- | C] () -- C:\Program Files\seven.wav

[2001/11/25 15:34:52 | 000,003,016 | ---- | C] () -- C:\Program Files\one.wav

[2001/11/25 15:34:50 | 000,004,724 | ---- | C] () -- C:\Program Files\nineteen.wav

[2001/11/25 15:34:50 | 000,003,662 | ---- | C] () -- C:\Program Files\nine.wav

[2001/11/25 15:34:48 | 000,004,586 | ---- | C] () -- C:\Program Files\four.wav

[2001/11/25 15:34:48 | 000,004,082 | ---- | C] () -- C:\Program Files\fourteen.wav

[2001/11/25 15:34:46 | 000,006,406 | ---- | C] () -- C:\Program Files\foul.wav

[2001/11/25 15:34:44 | 000,004,276 | ---- | C] () -- C:\Program Files\fifteen.wav

[2001/11/25 15:34:44 | 000,003,234 | ---- | C] () -- C:\Program Files\five.wav

[2001/11/25 15:34:42 | 000,004,660 | ---- | C] () -- C:\Program Files\eighteen.wav

[2001/11/25 15:34:42 | 000,003,742 | ---- | C] () -- C:\Program Files\eleven.wav

[2001/11/25 15:34:40 | 000,003,322 | ---- | C] () -- C:\Program Files\eight.wav

[2001/11/11 22:00:28 | 000,019,924 | ---- | C] () -- C:\Program Files\onehundredand.wav

[2001/11/11 21:59:50 | 000,017,192 | ---- | C] () -- C:\Program Files\onehundred.wav

[2001/11/11 21:59:04 | 000,014,752 | ---- | C] () -- C:\Program Files\ninety.wav

[2001/11/11 21:58:26 | 000,012,310 | ---- | C] () -- C:\Program Files\eighty.wav

[2001/11/11 21:57:54 | 000,016,612 | ---- | C] () -- C:\Program Files\seventy.wav

[2001/11/11 21:56:46 | 000,014,520 | ---- | C] () -- C:\Program Files\sixty.wav

[2001/11/11 21:56:02 | 000,013,880 | ---- | C] () -- C:\Program Files\fifty.wav

[2001/11/11 21:55:26 | 000,014,518 | ---- | C] () -- C:\Program Files\forty.wav

[2001/10/28 12:54:38 | 000,001,982 | ---- | C] () -- C:\Program Files\hardstrike.wav

[2001/10/28 12:30:46 | 000,001,396 | ---- | C] () -- C:\Program Files\Click.wav

[2001/10/28 12:14:10 | 000,050,544 | ---- | C] () -- C:\Program Files\clapping.wav

[2001/10/27 17:10:54 | 000,035,190 | ---- | C] () -- C:\Program Files\gameover.bmp

[2001/10/25 22:41:04 | 000,043,030 | ---- | C] () -- C:\Program Files\foul.bmp

[2001/04/19 08:52:54 | 000,042,303 | ---- | C] () -- C:\Program Files\pooltable.jpg

[2001/04/19 08:52:04 | 000,040,999 | ---- | C] () -- C:\Program Files\nineballtable.jpg

[2001/04/12 17:06:50 | 000,058,598 | ---- | C] () -- C:\Program Files\panel.jpg

[2000/01/18 14:11:30 | 000,001,422 | ---- | C] () -- C:\Program Files\bounce.wav

[2000/01/13 15:04:48 | 000,007,220 | ---- | C] () -- C:\Program Files\Pot.wav

========== LOP Check ==========

[2012/07/19 11:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BlazeVideo

[2012/01/30 13:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software

[2012/06/20 10:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON

[2008/10/08 22:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound

[2007/12/06 17:16:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prevx

[2009/01/11 01:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI

[2011/05/01 14:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QFX Software

[2011/12/25 18:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegInOut

[2012/01/30 13:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soluto

[2012/06/19 19:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony

[2009/11/28 21:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2008/09/03 22:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Transparent

[2008/01/23 21:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software

[2008/09/23 15:53:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{53DDDDA7-EBF3-4523-BD4F-F0B48B818C1B}

[2009/07/25 19:15:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7D4B3D1D-104E-4507-9123-568BC721B7E2}

[2010/08/01 14:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Absolute Audio Converter

[2007/03/27 17:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Acelogix

[2010/07/23 16:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Burn Pro

[2009/02/17 19:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2007/07/27 19:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\COWON

[2012/07/13 17:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Dropbox

[2012/04/03 18:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\ElevatedDiagnostics

[2011/09/11 16:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Foxit Software

[2008/03/03 19:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\FrostWire

[2008/01/18 12:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\FUJIFILM

[2011/04/18 10:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\GlarySoft

[2011/05/16 16:06:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\gtk-2.0

[2007/04/14 00:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Image Zone Express

[2006/01/14 15:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\InterVideo

[2009/03/04 16:52:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\IObit

[2006/01/16 16:16:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech

[2009/06/14 18:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\MailWasherPro

[2008/09/23 15:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\NCH Swift Sound

[2012/05/28 23:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Opera

[2007/12/14 13:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\PrevxCSI

[2011/05/01 14:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\QFX Software

[2009/09/01 10:00:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\qs

[2005/09/03 19:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView

[2010/06/22 15:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Serif

[2012/06/04 17:47:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Sony

[2012/03/06 20:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Spotify

[2008/04/27 10:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Spyware Terminator

[2006/01/14 14:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Template

[2010/04/29 11:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Thunderbird

[2007/10/01 21:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\TrojanHunter

[2007/04/16 16:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\TuneUp Software

[2011/04/11 17:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\uTorrent

[2008/09/10 23:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\WebCompiler3

[2009/02/28 20:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\WinBatch

[2012/01/30 13:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\WinPatrol

[2008/09/20 22:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\wsInspector

[2009/04/05 15:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Zamaan's Software

[2010/01/04 11:02:19 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\$~$Sys0$.job

[2012/03/08 20:23:23 | 000,000,326 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

[2011/12/25 18:24:31 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\RegInOut Scheduled Scan - Compaq_Owner.job

[2010/07/09 12:32:19 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B949A862-EEE2-4FF7-AF4F-1D0133B7CF9F}.job

========== Purity Check ==========

========== Custom Scans ==========

< >

< %SYSTEMDRIVE%\*.* >

[2005/09/03 19:18:03 | 000,000,104 | ---- | M] () -- C:\.lnk

[2009/06/10 13:29:05 | 000,049,500 | ---- | M] () -- C:\aaw7boot.log

[2004/11/09 21:20:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2012/07/20 19:17:16 | 000,000,281 | -HS- | M] () -- C:\boot.ini

[2004/08/04 13:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr

[2004/11/09 21:20:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[1997/11/27 15:46:46 | 001,474,858 | ---- | M] () -- C:\consas.wav

[2002/07/25 16:25:08 | 000,399,872 | ---- | M] (DK Multimedia) -- C:\DKKernel.dll

[2002/07/23 15:04:06 | 000,043,008 | ---- | M] (DK Interactive Learning) -- C:\DKShRes.dll

[2002/07/25 16:25:12 | 000,349,184 | ---- | M] (DK Multimedia) -- C:\DKStore.dll

[2011/04/24 16:41:35 | 000,194,748 | -HS- | M] () -- C:\EASEUSLD.LDR

[2006/12/10 17:11:14 | 000,193,024 | ---- | M] () -- C:\FamilyHistory_standard.wdb

[2007/03/12 21:29:16 | 014,993,976 | ---- | M] (Macrovision Corporation) -- C:\GoogleEarthWin.exe

[2002/07/23 15:04:12 | 003,264,000 | ---- | M] (DK Multimedia) -- C:\History2.dll

[2004/11/09 21:20:04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2008/12/08 18:55:09 | 000,030,720 | ---- | M] () -- C:\JOB APPLICATION.doc

[2011/09/23 15:26:27 | 044,761,088 | ---- | M] () -- C:\LogFile.Etl

[2004/11/09 21:20:04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[1999/12/06 22:00:00 | 000,565,760 | ---- | M] (Microsoft Corporation) -- C:\msvcp50.dll

[2001/10/30 04:57:00 | 000,290,869 | ---- | M] (Microsoft Corporation) -- C:\msvcrt.dll

[2004/08/04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/11/28 16:31:56 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2012/07/25 15:19:30 | 1048,576,000 | -HS- | M] () -- C:\pagefile.sys

[2012/05/19 23:31:24 | 000,000,359 | ---- | M] () -- C:\rkill.log

[2010/08/10 15:53:48 | 000,062,337 | ---- | M] () -- C:\Second part.jpg

[2010/08/10 15:52:00 | 000,067,262 | ---- | M] () -- C:\Startup.jpg

[2011/03/13 16:12:59 | 000,001,909 | ---- | M] () -- C:\trackers.lst

[2006/06/17 16:45:40 | 000,005,065 | ---- | M] () -- C:\Uninst.isu

[2009/10/31 20:13:03 | 000,000,328 | ---- | M] () -- C:\updatedatfix.log

[2007/05/06 11:11:03 | 000,177,152 | ---- | M] () -- C:\utorrent.exe

[2007/12/06 16:27:50 | 018,476,841 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WDM_A403.exe

[2010/08/16 17:19:37 | 000,091,450 | ---- | M] () -- C:\xpbootlog.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[44 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

[44 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\System32\config\*.sav >

[2004/11/09 21:10:20 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2004/11/09 21:10:20 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2004/11/09 21:10:20 | 000,897,024 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\* >

[2000/01/18 14:11:30 | 000,001,422 | ---- | M] () -- C:\Program Files\bounce.wav

[2001/10/28 12:14:10 | 000,050,544 | ---- | M] () -- C:\Program Files\clapping.wav

[2001/10/28 12:30:46 | 000,001,396 | ---- | M] () -- C:\Program Files\Click.wav

[2001/11/25 15:34:40 | 000,003,322 | ---- | M] () -- C:\Program Files\eight.wav

[2001/11/25 15:34:42 | 000,004,660 | ---- | M] () -- C:\Program Files\eighteen.wav

[2001/11/11 21:58:26 | 000,012,310 | ---- | M] () -- C:\Program Files\eighty.wav

[2001/11/25 15:34:42 | 000,003,742 | ---- | M] () -- C:\Program Files\eleven.wav

[2001/11/25 15:34:44 | 000,004,276 | ---- | M] () -- C:\Program Files\fifteen.wav

[2001/11/11 21:56:02 | 000,013,880 | ---- | M] () -- C:\Program Files\fifty.wav

[2001/11/25 15:34:44 | 000,003,234 | ---- | M] () -- C:\Program Files\five.wav

[2001/11/11 21:55:26 | 000,014,518 | ---- | M] () -- C:\Program Files\forty.wav

[2001/10/25 22:41:04 | 000,043,030 | ---- | M] () -- C:\Program Files\foul.bmp

[2001/11/25 15:34:46 | 000,006,406 | ---- | M] () -- C:\Program Files\foul.wav

[2001/11/25 15:34:48 | 000,004,586 | ---- | M] () -- C:\Program Files\four.wav

[2001/11/25 15:34:48 | 000,004,082 | ---- | M] () -- C:\Program Files\fourteen.wav

[2001/10/27 17:10:54 | 000,035,190 | ---- | M] () -- C:\Program Files\gameover.bmp

[2001/10/28 12:54:38 | 000,001,982 | ---- | M] () -- C:\Program Files\hardstrike.wav

[2001/11/25 15:34:50 | 000,003,662 | ---- | M] () -- C:\Program Files\nine.wav

[2001/04/19 08:52:04 | 000,040,999 | ---- | M] () -- C:\Program Files\nineballtable.jpg

[2001/11/25 15:34:50 | 000,004,724 | ---- | M] () -- C:\Program Files\nineteen.wav

[2001/11/11 21:59:04 | 000,014,752 | ---- | M] () -- C:\Program Files\ninety.wav

[2001/11/25 15:34:52 | 000,003,016 | ---- | M] () -- C:\Program Files\one.wav

[2001/11/11 21:59:50 | 000,017,192 | ---- | M] () -- C:\Program Files\onehundred.wav

[2001/11/11 22:00:28 | 000,019,924 | ---- | M] () -- C:\Program Files\onehundredand.wav

[2001/04/12 17:06:50 | 000,058,598 | ---- | M] () -- C:\Program Files\panel.jpg

[2001/04/19 08:52:54 | 000,042,303 | ---- | M] () -- C:\Program Files\pooltable.jpg

[2000/01/13 15:04:48 | 000,007,220 | ---- | M] () -- C:\Program Files\Pot.wav

[2001/11/25 15:34:54 | 000,003,740 | ---- | M] () -- C:\Program Files\seven.wav

[2001/11/25 15:34:54 | 000,005,064 | ---- | M] () -- C:\Program Files\seventeen.wav

[2001/11/11 21:57:54 | 000,016,612 | ---- | M] () -- C:\Program Files\seventy.wav

[2001/11/25 15:34:56 | 000,003,916 | ---- | M] () -- C:\Program Files\six.wav

[2001/11/25 15:34:56 | 000,004,942 | ---- | M] () -- C:\Program Files\sixteen.wav

[2001/11/11 21:56:46 | 000,014,520 | ---- | M] () -- C:\Program Files\sixty.wav

[2001/10/29 23:21:08 | 000,001,272 | ---- | M] () -- C:\Program Files\skin.txt

[2009/05/26 15:30:12 | 000,005,632 | -HS- | M] () -- C:\Program Files\Thumbs.db

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU >

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/06/21 08:41:40 | 000,867,072 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/06/21 08:41:40 | 000,867,072 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/06/21 08:41:40 | 000,867,072 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/06/21 08:41:45 | 000,913,888 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/06/21 08:41:45 | 000,913,888 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/06/21 08:41:45 | 000,913,888 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 12:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 12:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 12:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >