CPU usage dropping and spiking

Hi, I am having an issue with my CPU usage dropping to almost 0%, and then spiking to over 80%. This happens all the time, and I have to wait for it to return to normal before proceeding with anything I'm doing. I am on Facebook a lot, and my email, which is Yahoo.
I have run Malwarebytes, a virus scan with Avira and SuperAntispyware, and a HiJackThis log. I have emptied my temp files and my recycle bin, to no avail. I have disabled a few programs that I really do not use anymore and deleted games that I don't play anymore.
The specs of my PC are E Machines Intel D 3.0G, Vista Home Premium, 32 bit, with 1014 MB of RAM. Yes, I know I need more RAM, but cannot afford it at this time.
I would like to note that I love to play the pc games, so have quite a few installed. The cpu usage dropping and spiking only seems to do it when online. I am using a USB wireless internet connection, which is usually at 2 bars.
Any help with regulating my cpu usage would be greatly appreciated. Thank you
 


Hello, you could open Task Manager and look at the Performance tab, and open up the Resource Monitor to help identify the process running. Another thing, I like this one, is the Process Explorer program; it lets you see all processes and identify them, and you can also stop them with it. Same as Task Manager, except it is way more detailed. Process Explorer, and it is free.
 

My Computer

System One

  • Manufacturer/Model
    Emachine ET 1161-05
    CPU
    AMD Athlon 64 LE-1640
    Motherboard
    eMachines MCP61PM-GM (Socket AM2 )
    Memory
    2.00 GB Dual-Channel DDR2 @ 387MHz (6-6-6-18)
    Graphics Card(s)
    Acer E181H (1280x768@60Hz) 128MB GeForce 6150SE nForce 430 (
    Sound Card
    Realtek High Definition Audio
    Monitor(s) Displays
    Name Acer E181H on NVIDIA GeForce 6150SE nForce 430
    Screen Resolution
    1280x768 pixels
    Hard Drives
    ST316081 5AS SCSI Disk Device
    PSU
    MCP61PM-GM 9000 NVIDIA Chipset Model MCP61 Chipset Revisio
    Case
    Tower
    Cooling
    Fan Speed 1247 RPM
    Keyboard
    Standard PS/2 Keyboard
    Mouse
    PS/2 Compatible Mouse
    Internet Speed
    http://www.speedtest.net/result/1538974261.png
My son just installed the process explorer the other night, and I do see that it shows a more detailed list of what is running. I am using Chrome, and it seems like for every tab that I have open, there are 2 chrome processes running. I have updated my chrome, and I still have the issues with the cpu.
 


Is that the process that causes the spike?
 

So, my Microsoft problem reports box popped up and stated that I have the win 32/ small.ca virus on my PC. It is actually a trojan dropper. I have looked for it using HijackThis, Malwarebytes, and Microsoft Safety Scan, and am unable to find it. How do I manually get rid of it?
And the main problem I am having with my cpu usage, is it drops to almost nothing, and whatever I am doing freezes.
 


OTL

Download OTL OldTimer's List-It - Geeks to Go Forums to your desktop.
Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

:\_OTL\MovedFiles
in most cases this will be C:\_OTL\MovedFiles
 
YardDog, don't directly link to an exe. Link to the d/l page or, better yet, to the program's info page.

Jness, I think you're f'd. From researching, small.ca is a backdoor, it isn't bad, but what it allows in is.

Could you try scanning with housecall.trendmicro.com? It's an online scan, and will not be compromised by a possible infection.


Other than your intermittent slowdown, any other signs: odd emails, pop-ups, etc.?

It's time you back up your important data to disk or external hard drive. You might have a rootkit, which explains why it isn't detected, and the only way to fix it is a format!

good luck.
 

My Computer

System One

  • CPU
    Dual L5639 // i7 950 @ 4.0Ghz
    Motherboard
    Evga SR-2 // Gigabyte x58a-ud3r
    Memory
    12Gig Corsair XMS3 // 6Gig OCZ Gold
    Graphics Card(s)
    gtx 560 ti // gtx 260-216
    Monitor(s) Displays
    Dual 22" // Headless
    Hard Drives
    OCZ aGILITY 3, 120Gig + Seagate 500Gig x 2
    PSU
    Silverstone da700 // Corsair 520hx
    Case
    Rosewill BlackHawk Ultra // Antec 900v1
    Cooling
    Twin CM Hyper 212+ // Noctua NH-u12
    Other Info
    Acer 8930 laptop with x9100...

Can you please post the requested log for me?
 

Here is the otl.txt file. It's huge:


OTL logfile created on: 12/29/2011 6:29:16 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Specter\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16890)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.41 Mb Total Physical Memory | 467.91 Mb Available Physical Memory | 46.17% Memory free
2.94 Gb Paging File | 2.14 Gb Available in Paging File | 73.01% Paging File free
Paging file location(s): c:\pagefile.sys 2048 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.22 Gb Total Space | 80.44 Gb Free Space | 36.04% Space Free | Partition Type: NTFS
Drive D: | 9.67 Gb Total Space | 4.34 Gb Free Space | 44.91% Space Free | Partition Type: NTFS

Computer Name: C1PDWINVIS | User Name: Specter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Specter\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Specter\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
PRC - C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe (The Nielsen Company)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\AutoInstall\AR9170_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe (iDeskSoft)
PRC - C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\NetRatingsNetSight\NetSight\nsmmc.dll ()
MOD - C:\Program Files\NetRatingsNetSight\NetSight\meter9\npwmi.dll ()
MOD - C:\Program Files\NetRatingsNetSight\NetSight\meter9\npsurvey.dll ()
MOD - C:\Program Files\NetRatingsNetSight\NetSight\meter9\npsp1.dll ()
MOD - C:\Program Files\NetRatingsNetSight\NetSight\meter9\communication.dll ()
MOD - C:\Program Files\AutoInstall\AR9170_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE ()
MOD - C:\Program Files\Desktop Icon Toy\HookManager.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- File not found
SRV - (FastUserSwitchingCompatibility) -- File not found
SRV - (AutoInstallEJCD) -- File not found
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NielsenUpdate) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe (The Nielsen Company)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (iWinTrusted) -- C:\Program Files\iWin Games\iWinTrusted.exe (iWin Inc.)
SRV - (CLPSLS) -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe (COMODO)
SRV - (PanelSvc) -- C:\Program Files\Valued Opinions\PanelApp\PanelSvc.exe ()
SRV - (GameConsoleService) -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe (Google)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (StarWindService) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)


========== Driver Services (SafeList) ==========

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (AFS) -- C:\Windows\System32\drivers\AFS.SYS (Oak Technology Inc.)
DRV - (nnfwdk) -- C:\Program Files\NetRatingsNetSight\NetSight\meter9\nnfwdk.sys (The Nielsen Company)
DRV - (ZDCNDIS5) -- C:\Windows\System32\ZDCndis5.sys (ZDC., Inc. (ZDC))
DRV - (QW720V32) Qwest 802.11n XN720 Driver(vista) -- C:\Windows\System32\drivers\WLANUHN.sys (Atheros Communications, Inc.)
DRV - (X4HSEx) -- C:\Program Files\Free Ride Games\X4HSEx.sys (Exent Technologies Ltd.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (JL2005C) -- C:\Windows\System32\drivers\jl2005c.sys (Windows (R) 2000 DDK provider)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (CdaD10BA) -- C:\Windows\System32\drivers\CdaD10BA.SYS (Macrovision Europe Ltd)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM) -- C:\Windows\System32\drivers\SRS_SSCFilter.sys ()
DRV - (NETw2v32) Intel(R) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (ElbyDelay) -- C:\Windows\System32\drivers\ElbyDelay.sys (Elaborate Bytes AG)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = A Swarm of Free Traffic to Your Site Guaranteed! Get Targeted Free Advertising with TrafficSwarm.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=524517"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=524517&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\ProgramData\RealArcade\npraclient.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Specter\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Specter\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2010/07/16 11:04:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/10 10:40:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/22 07:50:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/02 13:47:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{53F9B74B-B22A-4EB0-9FEB-14F05390930C}: C:\Users\Specter\AppData\Local\Valued Opinions\PanelApp\ff [2010/02/10 10:04:08 | 000,000,000 | ---D | M]

[2011/10/11 16:28:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Specter\AppData\Roaming\Mozilla\Firefox\Profiles\ulglzdpz.default\extensions
[2008/09/10 10:43:14 | 000,000,000 | ---D | M] (Scour Toolbar) -- C:\Users\Specter\AppData\Roaming\Mozilla\Firefox\Profiles\ulglzdpz.default\extensions\{247A53FC-FD17-B6D0-67D8-4D9C81D8E0B2}
[2009/06/06 08:10:33 | 000,000,000 | ---D | M] (Big Fish Games Toolbar) -- C:\Users\Specter\AppData\Roaming\Mozilla\Firefox\Profiles\ulglzdpz.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}
[2008/12/23 16:00:17 | 000,000,000 | ---D | M] (eGames Toolbar) -- C:\Users\Specter\AppData\Roaming\Mozilla\Firefox\Profiles\ulglzdpz.default\extensions\{b2b46577-0217-4ec5-a467-7a1e8d0d7b71}
[2009/09/16 13:07:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Specter\AppData\Roaming\Mozilla\Firefox\Profiles\ulglzdpz.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2008/12/12 11:23:54 | 000,002,158 | ---- | M] () -- C:\Users\Specter\AppData\Roaming\Mozilla\Firefox\Profiles\ulglzdpz.default\searchplugins\MySpace.xml
[2008/06/04 13:52:00 | 000,000,683 | ---- | M] () -- C:\Users\Specter\AppData\Roaming\Mozilla\Firefox\Profiles\ulglzdpz.default\searchplugins\quicksearch.xml
[2008/07/05 02:26:39 | 000,000,276 | ---- | M] () -- C:\Users\Specter\AppData\Roaming\Mozilla\Firefox\Profiles\ulglzdpz.default\searchplugins\search.xml
[2011/10/02 13:56:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/12/31 17:50:58 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/08 00:53:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/11 16:11:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2010/04/11 09:15:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010/05/09 06:03:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/10 07:05:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/13 11:23:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/24 01:46:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/10/02 13:56:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2008/12/31 17:50:58 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2008/12/31 17:50:44 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2008/12/31 17:50:44 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2008/12/31 17:50:44 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2010/10/04 17:55:54 | 000,556,032 | ---- | M] (The Nielsen Company) -- C:\Program Files\mozilla firefox\components\nsgkff20_meter9.dll
[2008/12/31 17:50:46 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2008/12/31 17:50:47 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2008/06/17 23:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/10/02 13:55:58 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/12/31 17:50:53 | 000,022,656 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2011/09/05 10:04:56 | 000,183,696 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2011/01/10 10:38:45 | 000,151,776 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/03/30 16:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npraclient.dll
[2011/01/10 10:42:16 | 000,011,776 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2011/01/10 10:38:08 | 000,100,352 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2008/12/31 17:50:55 | 000,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/31 17:50:55 | 000,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/31 17:50:55 | 000,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/31 17:50:55 | 000,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/31 17:50:55 | 000,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2011/01/18 01:11:02 | 000,000,846 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Specter\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Specter\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Specter\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: NielsenOnline (Enabled) = C:\Users\Specter\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgceplfonlgodadnpognljgdjlcnpjnh\1.2.0_0\chrometracker.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: RealArcade NPAPI Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npraclient.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Exent\u00AE AOD Gecko Plugin (Enabled) = C:\Program Files\Free Ride Games\npExentCtl.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: RealArcade Mozilla Plugin (Enabled) = C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Specter\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Specter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google Search = C:\Users\Specter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: AT_ChuckAnderson = C:\Users\Specter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegkoiakifeoejnjkbnnojkkdoegeofp\3\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Specter\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
CHR - Extension: Nielsen = C:\Users\Specter\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgceplfonlgodadnpognljgdjlcnpjnh\1.3.0_0\
CHR - Extension: Gmail = C:\Users\Specter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (FlashGet(??)-Best Download Manager)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Yahoo! IE Suggest) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Big Fish Games Toolbar) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (FlashGet(??)-Best Download Manager)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Big Fish Games Toolbar) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AutoEJCD_0ACE20FF] C:\Program Files\AutoInstall\AR9170_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE ()
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
O4 - HKCU..\Run: [DesktopIconToy] C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe (iDeskSoft)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\Specter\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: worldwinner.com ([%20www] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} http://www.errornuker.com/products/errn2004/installers/default/ErrorNukerInstaller.exe (Reg Error: Key error.)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E46F806-E6FE-42FF-A4C3-62B86053A0C0}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Specter\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Specter\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (credssp.dll) -C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) -C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{504f3805-aae9-11df-8d06-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{504f3805-aae9-11df-8d06-00038a000015}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{7813f988-f31f-11dd-b6b1-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{7813f988-f31f-11dd-b6b1-00038a000015}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/12/26 03:30:24 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2007/08/12 17:01:43 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/29 18:03:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/29 17:54:08 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 17:54:08 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 17:40:25 | 000,102,400 | ---- | M] () -- C:\Windows\RegBootClean.exe
[2011/12/29 17:36:37 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-238331562-2711603885-3829185935-1000UA.job
[2011/12/29 17:16:48 | 000,257,900 | ---- | M] () -- C:\Users\Specter\AppData\Local\census.cache
[2011/12/29 17:16:33 | 000,241,125 | ---- | M] () -- C:\Users\Specter\AppData\Local\ars.cache
[2011/12/29 16:05:07 | 000,000,036 | ---- | M] () -- C:\Users\Specter\AppData\Local\housecall.guid.cache
[2011/12/29 15:54:30 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/29 15:54:05 | 000,067,584 | --S- | M] () -- C:\Windows\BootStat.dat
[2011/12/29 15:54:04 | 1063,219,200 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/29 01:58:27 | 000,002,487 | ---- | M] () -- C:\Users\Specter\Desktop\HiJackThis.lnk
[2011/12/26 12:21:00 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/12/26 11:36:28 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-238331562-2711603885-3829185935-1000Core.job
[2011/12/26 03:30:24 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/12/26 03:24:39 | 000,676,350 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/26 03:24:39 | 000,125,874 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/16 08:39:15 | 000,002,054 | ---- | M] () -- C:\Users\Specter\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/16 08:39:14 | 000,002,092 | ---- | M] () -- C:\Users\Specter\Desktop\Google Chrome.lnk
[2011/12/14 14:30:07 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\The Weather Channel Desktop .lnk
[2011/12/06 14:46:38 | 000,094,691 | ---- | M] () -- C:\Users\Specter\Desktop\Auto Quote.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/29 17:40:08 | 000,102,400 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2011/12/29 17:16:48 | 000,257,900 | ---- | C] () -- C:\Users\Specter\AppData\Local\census.cache
[2011/12/29 17:16:33 | 000,241,125 | ---- | C] () -- C:\Users\Specter\AppData\Local\ars.cache
[2011/12/29 16:05:07 | 000,000,036 | ---- | C] () -- C:\Users\Specter\AppData\Local\housecall.guid.cache
[2011/12/06 14:46:37 | 000,094,691 | ---- | C] () -- C:\Users\Specter\Desktop\Auto Quote.pdf
[2011/10/01 18:32:57 | 000,000,065 | ---- | C] () -- C:\Windows\wininit.ini
[2011/03/18 21:38:47 | 000,010,691 | ---- | C] () -- C:\Users\Specter\AppData\Roaming\UserTile.png
[2010/12/14 12:37:13 | 000,034,468 | ---- | C] () -- C:\Windows\hpomdl03.dat.temp
[2010/12/14 12:37:13 | 000,028,922 | ---- | C] () -- C:\Windows\hpoins03.dat.temp
[2010/11/15 16:39:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/10/05 06:58:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/19 12:23:30 | 000,000,067 | ---- | C] () -- C:\Windows\WpsCenterV.INI
[2010/05/07 11:47:30 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2009/09/23 23:16:28 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/09/07 05:51:02 | 000,067,584 | --S- | C] () -- C:\Windows\BootStat.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/06 08:10:01 | 000,000,059 | ---- | C] () -- C:\Users\Specter\AppData\Local\Tempdir
[2009/02/18 13:08:45 | 000,000,401 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009/02/16 19:06:07 | 000,025,530 | ---- | C] () -- C:\Users\Specter\AppData\Local\slot1.mm1
[2009/02/06 13:06:30 | 000,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2008/12/16 18:22:04 | 000,000,660 | ---- | C] () -- C:\Windows\eReg.dat
[2008/11/16 13:27:00 | 000,000,025 | ---- | C] () -- C:\Users\Specter\AppData\Roaming\tcw_config.cfg
[2008/11/02 18:56:54 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2008/03/02 11:11:25 | 000,004,892 | ---- | C] () -- C:\Users\Specter\AppData\Local\d3d9caps.dat
[2007/11/30 09:26:30 | 000,000,470 | ---- | C] () -- C:\Users\Specter\AppData\Roaming\wklnhst.dat
[2007/11/25 19:45:28 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/11/21 09:57:33 | 000,000,291 | ---- | C] () -- C:\Windows\bbbconfig.dat
[2007/10/13 01:46:04 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2007/09/27 14:19:17 | 000,000,148 | ---- | C] () -- C:\Windows\System32\acmeinc.ini
[2007/09/27 14:19:17 | 000,000,116 | ---- | C] () -- C:\Windows\System32\vxdtgm.ini
[2007/08/02 21:40:00 | 000,000,041 | ---- | C] () -- C:\Windows\popcinfo.dat
[2007/07/25 12:58:49 | 000,000,019 | -H-- | C] () -- C:\Windows\System32\winrscpxd.ini
[2007/07/08 11:25:27 | 000,032,549 | ---- | C] () -- C:\Windows\king-uninstall.exe
[2007/06/17 01:40:50 | 000,000,043 | ---- | C] () -- C:\Windows\System32\orion.ini
[2007/06/16 22:01:27 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/06/16 22:01:27 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/06/05 13:37:04 | 000,047,360 | ---- | C] () -- C:\Windows\System32\drivers\Surroundhp_kern_i386.sys
[2007/06/05 13:37:04 | 000,046,592 | ---- | C] () -- C:\Windows\System32\drivers\tshd4_kern_i386.sys
[2007/06/05 13:37:04 | 000,037,248 | ---- | C] () -- C:\Windows\System32\drivers\csiidecoder_kern_i386.sys
[2007/06/05 13:37:03 | 000,039,552 | ---- | C] () -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys
[2007/06/04 21:58:10 | 000,138,752 | ---- | C] () -- C:\Users\Specter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/16 15:26:24 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1147.dll
[2007/02/16 15:26:24 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2007/02/16 15:26:21 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2007/02/16 15:00:16 | 000,000,004 | ---- | C] () -- C:\Windows\Pix11.dat
[2007/02/16 14:47:58 | 000,547,840 | ---- | C] () -- C:\Windows\zHotkey.exe
[2007/02/16 14:47:58 | 000,532,544 | ---- | C] () -- C:\Windows\PIC.dll
[2007/02/16 14:47:58 | 000,036,864 | ---- | C] () -- C:\Windows\ShowWnd.exe
[2007/02/16 14:47:58 | 000,024,576 | ---- | C] () -- C:\Windows\HKNTDLL.dll
[2006/11/22 15:16:18 | 000,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 11:50:06 | 000,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/20 15:19:48 | 000,034,176 | ---- | C] () -- C:\Windows\System32\drivers\SRS_SSCFilter.sys
[2006/11/09 16:36:27 | 000,103,984 | ---- | C] () -- C:\Windows\System32\AOLDial.dll
[2006/11/02 05:47:37 | 000,305,360 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,676,350 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,125,874 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 00:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 00:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/06/11 17:01:15 | 000,352,256 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe
[2006/02/08 04:31:20 | 000,053,248 | ---- | C] () -- C:\Windows\System32\Aops.dll
[2005/07/28 18:57:26 | 000,057,856 | ---- | C] () -- C:\Windows\System32\StickyKey.dll
[2005/03/07 11:27:02 | 000,028,672 | ---- | C] () -- C:\Windows\System32\winclose.dll
[2004/12/06 03:18:26 | 000,072,192 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2004/12/05 15:42:22 | 000,077,824 | ---- | C] () -- C:\Windows\System32\Dxn.dll
[2004/08/03 14:58:26 | 000,092,672 | ---- | C] () -- C:\Windows\System32\reg.dll
[2004/02/20 13:36:34 | 000,416,256 | ---- | C] () -- C:\Windows\exchndl.dll

========== LOP Check ==========

[2009/12/08 16:54:22 | 000,000,000 | -HSD | M] -- C:\Users\Specter\AppData\Roaming\.#
[2010/01/20 12:58:28 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\7thsense
[2007/11/13 06:36:15 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Abra Academy2
[2007/12/30 01:03:58 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Age of Japan II
[2008/07/08 00:36:19 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Alawar
[2008/07/24 22:53:56 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Amaranth Games
[2009/03/13 20:07:29 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Anabel
[2008/07/11 09:01:33 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Ancient Quest of Saqqarah__bfg
[2009/03/20 17:21:08 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\ArcadeTown
[2009/06/10 16:28:39 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Argonyt
[2011/10/09 19:38:31 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Arkadium
[2009/10/09 21:17:01 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\art2
[2009/02/11 22:11:19 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Artogon
[2008/02/10 23:35:11 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Aveyond II
[2010/11/06 16:27:15 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Awem
[2009/04/25 04:03:00 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Azuaz Games
[2010/03/04 13:17:03 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\BanzaiInteractive
[2009/08/23 21:19:51 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\BarbarianGames
[2008/09/06 21:48:02 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\BeachPartyCraze
[2011/10/08 09:20:44 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Big Fish Games
[2009/06/21 01:36:20 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\BlamGames
[2010/09/04 18:12:16 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\blg
[2008/01/17 01:53:36 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\BloodTies
[2010/08/25 07:41:40 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Bloom
[2010/10/28 08:50:07 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Boolat Games
[2010/06/30 18:17:19 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Boomzap
[2011/08/04 11:53:48 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\BowWow
[2009/03/08 14:23:17 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\BrandX Games
[2009/12/19 17:40:49 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\BrokenHearts
[2010/08/28 22:56:30 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Brunhilda_bfg
[2008/10/23 17:46:40 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\CaribbeanHideaway
[2011/01/05 13:31:30 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Casual Arts
[2009/11/26 19:28:32 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Cat's Eye Games
[2008/11/19 13:00:11 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\cerasus.media
[2010/05/16 16:34:34 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Chains
[2009/12/09 22:31:26 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\ChaYoWo Games
[2009/04/23 01:15:45 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Coyotes Tale
[2009/12/02 17:46:14 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Curious Sense
[2009/10/02 23:47:29 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Dekovir
[2010/01/10 01:03:27 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Dragon Altar Games
[2009/10/10 17:08:26 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\DreamDale
[2007/10/24 00:22:25 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\EA
[2009/02/22 19:25:54 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\eGames
[2008/06/12 21:41:58 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\egamestoolbar
[2009/11/16 15:26:58 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\EleFun Games
[2010/09/03 07:39:37 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Elephant Games
[2009/06/19 16:39:35 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Enchanted Katya
[2008/07/15 22:52:49 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\EnchantedCavern
[2009/10/02 19:05:23 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Enki Games
[2010/04/29 13:51:52 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\ERS G-Studio
[2009/11/29 19:09:00 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\EscapeTheMuseum2
[2008/10/03 17:48:29 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Eyeblaster
[2009/01/17 15:22:59 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Fabulous Finds
[2009/12/05 00:36:30 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\FairyNook
[2009/03/22 14:05:11 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\FairyTale
[2008/12/12 21:21:25 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Farm Mania
[2008/07/16 16:29:58 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\FarmerJane
[2008/11/09 20:21:10 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\FirstColony
[2007/06/05 02:55:16 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\FlashGet
[2010/01/20 09:39:57 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Flood Light Games
[2011/08/15 21:48:34 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Floodlight Games
[2007/10/31 03:48:27 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\FloodLightGames
[2007/11/04 02:51:01 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\FlowPlay
[2010/10/19 08:10:27 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\FlyWheelGames
[2007/11/23 10:22:07 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\ForgottenRiddles
[2008/07/19 16:46:35 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\ForgottenRiddles2
[2010/04/28 11:57:04 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Freeze Tag
[2010/06/27 11:52:31 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\freshgames
[2009/12/23 19:36:42 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Friday's games
[2010/03/19 16:40:06 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Frogwares
[2011/10/08 07:33:40 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\funkitron
[2009/11/14 00:21:43 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Gaijin Ent
[2009/12/15 04:37:55 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Game Mill Entertainment
[2008/02/28 18:47:37 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\GameBlend
[2008/11/20 16:13:52 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\GameHouse
[2009/04/18 12:56:08 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\GameHousev1002
[2010/06/29 00:47:53 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\GameInvest
[2008/11/18 14:21:47 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Gamelab
[2010/10/30 14:15:18 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Gamers Digital
[2009/11/16 00:24:19 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Games
[2010/05/15 16:36:10 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\GamesCafe
[2009/02/08 22:27:25 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\GameTantra
[2007/11/04 02:14:21 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\gemsweeperextractedgfx
[2008/05/13 20:26:06 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Genimo
[2008/08/15 16:09:08 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Go-Go Gourmet Chef of the Year
[2008/11/20 13:09:28 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Gogii Games
[2009/08/31 00:48:01 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Gold Casual Games
[2009/09/16 10:06:45 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\GraveyardShift
[2009/10/25 14:42:47 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\GTM_Bodie
[2009/03/19 20:40:35 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\HamsterWarrior
[2011/11/28 09:34:56 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\HdO Adventure
[2010/05/29 17:07:44 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\HillStoneAnimationStudios_MBV
[2009/04/22 14:32:41 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\HiT-MM
[2007/12/18 22:50:27 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Home Sweet Home
[2009/09/28 03:12:37 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\HSA
[2009/07/07 00:39:14 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\HuruBeachParty
[2009/12/11 02:59:33 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\iMaxGen
[2008/03/23 20:01:45 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\IMVU
[2008/01/02 01:25:17 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Intenium
[2009/01/03 16:16:37 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\IOMediaSupport6SZZ001s
[2009/02/06 23:02:34 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Island
[2008/09/08 12:16:35 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\ITTNord
[2010/08/13 20:08:43 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\iWin
[2008/01/04 04:10:53 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\iWinArcade
[2007/10/29 11:45:23 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Jane s Hotel
[2009/09/23 18:28:53 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Jane s Hotel Family Hero
[2010/11/08 12:32:44 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Jenkat
[2009/02/05 22:57:12 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Jetsetter
[2009/12/20 20:02:09 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\JoyBits
[2009/10/17 01:05:48 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\KlickTock
[2009/12/02 21:19:48 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\KranX Productions
[2008/01/14 15:22:25 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Land Of Runes
[2010/05/16 17:16:06 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Lazy Turtle Games
[2008/11/04 22:21:20 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Leadertech
[2007/11/17 18:52:01 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Legends of pirates
[2008/06/03 15:07:33 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\LimeWire
[2009/07/19 02:11:58 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Little Games Company
[2010/05/11 15:29:51 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Little Noir Stories
[2011/01/19 08:54:51 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Lost in the City
[2008/05/31 11:30:40 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Ludia
[2009/08/25 17:41:26 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\MA
[2009/11/08 10:13:07 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Magic Academy
[2009/10/03 18:04:19 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Magic Academy 2
[2010/06/25 02:32:20 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Magic3
[2008/01/01 17:37:23 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\MagicBall3
[2009/10/12 05:36:49 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\MagicBall4
[2010/11/04 21:51:31 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\MAI
[2009/12/07 03:39:52 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\MastersOfMystery2
[2009/06/10 20:21:27 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Mean Hamster
[2010/01/20 17:01:03 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Mean Hamster Software
[2009/07/20 19:34:05 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\MegaplexMadnessSummerBlockbuster
[2010/04/14 19:50:49 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\MemoryClinic
[2010/04/20 17:52:43 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Meridian93
[2010/09/14 20:29:51 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Merscom
[2009/10/19 05:49:22 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\MissTeriTale3
[2008/08/24 01:37:18 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\mojosoft
[2008/10/18 13:22:42 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Mushroom Age
[2010/08/21 17:58:01 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\My Games
[2010/06/05 13:15:52 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\MyScribe
[2010/01/19 18:40:59 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\MysteryStudio
[2007/11/14 01:03:56 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Mysteryville2
[2008/08/24 01:50:12 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Mythic Adventure
[2008/09/12 12:55:45 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Oberon Games
[2009/08/25 01:26:36 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Oberonv1001
[2007/11/03 15:32:07 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Ohana Games
[2009/10/16 20:14:00 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Once Upon a Time in Chicago
[2009/12/08 00:39:05 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\OtherSide Realm of Eons
[2008/10/10 23:37:41 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\panoramik
[2009/07/23 17:20:01 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Peace Craft
[2011/03/18 21:38:46 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\PeerNetworking
[2008/10/24 22:05:05 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\PetShowCraze
[2009/10/15 14:03:17 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Ph03nixNewMedia
[2008/10/19 20:28:42 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Pi Eye Games
[2009/06/17 01:47:44 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\pixelStorm
[2008/06/12 12:26:34 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\PlanetPlayMore
[2010/10/20 16:26:11 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\PlayFirst
[2008/12/26 10:41:19 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Playfirst Ashtons Family Resort
[2009/07/15 01:00:28 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\PlayFirst_DressUpRush
[2009/11/27 22:56:30 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Playrix Entertainment
[2009/12/02 03:36:51 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\PoBros
[2009/06/03 04:14:09 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Pogo Games
[2009/10/10 05:03:54 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Princess Isabella
[2010/09/06 11:57:38 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\quickclick
[2009/06/05 15:27:14 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Reflexive 3 Days Zoo Mystery
[2009/04/22 23:16:48 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Reflexivev1002
[2009/02/06 13:02:43 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\RegClean
[2007/06/19 01:58:19 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Resource Tuner
[2008/05/08 17:26:42 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Restorer
[2008/08/24 16:54:41 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Righteous Kill
[2009/01/26 00:53:48 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\RobinsonCrusoe
[2007/06/04 22:04:36 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\SampleView
[2007/10/28 23:47:00 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Sandlot Games
[2010/09/11 22:40:43 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Sarah Maribu and The Lost World
[2008/10/25 20:33:10 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\SecretIslandEng
[2009/03/04 22:32:38 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\SerpentOfIsis
[2010/02/17 08:56:05 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\SevenSails
[2009/04/05 20:57:25 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Shape games
[2009/08/03 00:56:10 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\she_is_a_shadow
[2010/11/06 21:38:39 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\ShinyTales
[2009/04/16 21:50:33 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Skunk Studios
[2009/03/19 19:39:19 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Sortasoft
[2009/01/03 16:16:37 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Spinapse
[2008/07/27 19:53:29 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\SpinTop
[2009/07/17 16:48:24 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\SpinTop Games
[2008/03/08 18:33:57 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\SprillBermudeEng
[2009/08/30 00:47:49 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\SprillRichiEng
[2007/08/09 00:14:25 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Stamps.com Internet Postage
[2008/04/15 21:46:55 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\StoneLoopsBF
[2008/05/09 06:43:54 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\StoneLoopsRE
[2008/05/31 13:38:06 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Sudden Games
[2010/09/01 22:15:55 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Sudden Games LLC
[2008/05/24 18:01:33 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\SultansLabyrinth
[2010/08/21 23:12:24 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\SulusGames
[2009/01/03 16:17:03 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Suspects and Clues Players
[2009/01/03 16:16:39 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Suspects and Clues Prefs
[2008/01/04 03:03:18 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Teggo
[2010/08/02 09:26:31 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\TeleportGamesLtd
[2008/01/16 20:49:33 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Template
[2010/01/11 07:47:15 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\TheFixerUpper
[2008/02/11 23:12:25 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\TheScruffs
[2009/11/17 20:39:20 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\TitanicMystery
[2010/11/07 10:30:01 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Titanium Gears
[2008/08/24 15:35:50 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\TMInc
[2010/09/16 19:20:35 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\TOMI2.THE GATES OF FATE
[2010/04/12 10:43:35 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Top Evidence
[2009/04/17 20:26:47 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Total Eclipse
[2009/12/08 04:02:55 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Trio
[2009/05/02 20:24:58 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Twintale Entertainment
[2009/04/18 22:09:37 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\UClick
[2008/03/03 22:40:06 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Uniblue
[2008/10/21 19:02:51 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\UNOUndercover
[2009/11/25 22:36:43 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\URSE Games
[2011/03/28 20:26:28 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\uTorrent
[2009/07/16 05:03:47 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\V-Games
[2010/01/17 21:02:23 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Valusoft
[2009/09/29 22:49:27 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\VampireSaga
[2011/05/14 21:11:18 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Vasilek Games
[2007/11/01 22:27:50 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\VeniceMysteryData
[2009/02/12 18:35:18 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\ViquaSoft
[2008/03/13 15:25:41 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\VisualShape
[2009/09/23 17:27:18 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Vso
[2009/09/23 18:28:53 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\VTExtra
[2008/03/28 16:06:08 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Wildfire
[2007/06/07 05:06:09 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\WildTangent
[2009/11/27 01:27:25 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Winv1001
[2009/04/19 17:56:32 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\Winv1002
[2010/01/21 19:37:45 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\World-LooM
[2010/09/11 22:42:59 | 000,000,000 | ---D | M] -- C:\Users\Specter\AppData\Roaming\YoudaGames
[2011/12/26 12:21:00 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/12/29 15:52:22 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5BC73C48
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:554C6431
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:471AD3D0
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:3C859CF5
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:351CE410
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:0F3F6B1E
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:0E11E400
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:DB77E2C4
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:DA24A961
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:C86B29EB
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:B4F0E275
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:8CCDAB14
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:848CC150
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:7290F122
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:701FCC18
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:5A8F8A0C
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:51E1A4D8
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:48977386
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:417B6FAC
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:2935AA1D
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:19ACB9EE
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:15769D8A
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:10D45FC3
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:0D52F295
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:067F588D
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E8CB831A
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E732B44B
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:DD04902E
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:D12256C7
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:B8384DB6
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:A02025CE
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:99352C4C
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:9398DBB4
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:8B51CAAE
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:77F75B20
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:72F57408
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:61A8DEEF
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:5FFC2819
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:53DF59D1
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:31B401F6
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:294A5F28
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:163B8B93
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:14FA5E46
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:04ED07B4
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:03C75FD1
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:00D5EBC2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:FAF6860A
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:F6424B89
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:EE39C93C
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:E027789A
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:D8D58038
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:BD871799
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B6285236
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:ABA71843
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:A97FF73C
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:997E6AF4
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:92F3A33D
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:918B7566
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:8EEDCEA2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:86CC903F
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:698AFB4D
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:68DA8CC0
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5025C6E4
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:2411B07C
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:13ABD3EC
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:FC2D0F32
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:F6E0ED6E
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:F21CB906
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:ED873558
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E5294695
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D8AE60A7
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D2593961
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:C928F3BE
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9B2BD056
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:91FFEC32
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:7C60A173
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:5FA4CB99
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:56921EF0
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:50636E35
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:4A6AD8EC
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:2F943019
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:2F6462DF
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:25BA2318
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:1F7A10DD
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:1BDF7E7D
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:05321270
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:FBE81670
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:EF5B3572
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:EA1919C7
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:C611D6C8
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:C30487EE
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:C17FCA88
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:AED4FFF5
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:AC0528D9
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:A42A9F39
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:90865A6D
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:80E965A3
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:79A70C33
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:74A34D19
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:737160C1
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:6FD219F5
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:6F89846E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:69B9AAE7
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:6250A8A7
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5EF1AD34
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:57176330
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:444169A0
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:3BF63E4A
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:3539CD43
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:2871B698
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:225CD7D5
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:20FFCF0B
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:1A4BF204
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:12C6BEC7
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:00811B66
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:F986CC21
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:F45F3031
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:F4242C54
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:EC7C9796
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:CEF2A14E
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:CADE3CFB
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C03F5109
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:B0EB578B
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:AC94C341
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:9EE6560D
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:99762419
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:9615F95C
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:93226FE3
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8D25608D
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:864881BF
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8437DC46
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:615435BE
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:52A63A46
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:48FEA089
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:42B6425E
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:2D7D575C
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:1E7308B6
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0971B5CA
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:08D8BB20
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:FED25C29
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:FD5FB170
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:EA938234
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:DD629819
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:D8DB81DC
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:C2151AD3
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:C07A6A6B
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:B6FD7157
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:AD8D39FA
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:AD727397
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:ABE89FFE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:9BCC8D9F
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:981349EA
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:908019AD
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:7594D157
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:700B9342
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:6C5EC3CD
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:639CCB94
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:620EC79A
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:4B1195DD
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:43E95997
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:3F6BE44B
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:1FBE3CEB
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:13DF9DD1
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:FE2D31D5
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:FDDE312D
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:FDDD8917
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:FC4EA67C
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:EDE10845
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:EC0A74A1
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:EB40BC91
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:DFC179F0
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D67A3B22
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:C8E29393
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:C5E2BAEE
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:C4CB577E
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:C186F20B
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:BCFDAB5F
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:9FA9052D
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:81405BF2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:72211901
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:59FC1BE7
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:51A22C60
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:4EEC7800
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:4C8D088C
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:48D30F15
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:425759C6
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:370EF5E8
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:359B5EAB
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:33D7490A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:2E9900EE
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:2C27D9EC
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:260575F1
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:1B7E2022
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:0AC32449
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:097CF772
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:072F1F69
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:03392111
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:FC98D33A
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:FB65A4AA
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:F43B7E8F
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:EF794BCD
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:EC3A9923
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:E1D818F7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:D83224FA
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:D3C52D24
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:C5901F6D
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:C4F37A10
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:C2FF2B0A
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:BB6235DF
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:A95A95AC
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:A6CDBCAC
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:9ACB70D7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:99D1490F
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:90A2BDE4
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:8DD36B71
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:8999FD56
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:8944C195
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:7FD903D7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:74699137
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:6A0CE027
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:699E0EA8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:6425A235
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:5F51822D
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:598E0FFA
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:59120004
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:4AA2F6A9
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:43301D1D
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:42AA9954
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:2ED35895
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:2832349A
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:21C2E351
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:0FA1EAA7
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:FE7605F1
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:FDCAE7B5
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:EEB25EAE
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:ED9B661E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:EA029835
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:DE9F4320
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D2E4607B
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:A0CB43B2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:A00BCDEF
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:870649A4
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:86A8CE8D
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:85DA68FC
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:814692DF
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:7F4DB476
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:7BA09728
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:6E8472D2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:53DF4438
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:538DC028
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:52B3B2D1
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:4F3BEF81
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:408F96DA
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:3F4AFB14
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:3DF63AD7
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:3D6B89CE
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:3CFF1691
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:2D5A2122
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:2CFBE2D1
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:28DB0DC4
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:268BA8AB
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:16C16B18
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:FC60E0F8
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:F53A011E
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:F3B16204
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:F321F01E
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:EAFE3041
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:DFC3B090
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:D6CC3E51
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:D2397415
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:C9478477
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:BBF60A29
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:B2F2BE03
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:996104FC
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:9857FAE3
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:8BA6C9F8
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:8AA99C0C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:842B0AED
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:8401B6D5
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:7B2BB690
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:6EAE3ABC
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:62A8CB63
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5FB7A2BD
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5F1019FF
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:41B3EF33
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:40BAD1B0
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:4041DE6B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:3815BC84
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:370E4EFB
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:32C16177
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:2B1EA607
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:20B6BE19
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:17F7AEA3
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:1302F4EC
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:0E89C78E
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:EC36F550
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:EA701346
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:E7A21528
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:E4C064D9
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:D48500F8
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:D18D7C38
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:B6DD66C5
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:B093E177
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:A7DA2BCD
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:A41FEAA2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:A05F750A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:77406C46
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:77248999
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C68FD2C
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:4CF2A6CC
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:3A78F62C
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:2E0B7D8A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:2B99FE60
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:11EFE63D
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:0C13C008
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:0953BA28
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:E9B13D2F
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:E84CA8F2
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:D8FD0E4B
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:D3D08545
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:CB0EB1DE
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:A5135BA4
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:96C9689F
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:8FC4D5E3
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:8F292FAC
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:77A023CE
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:60A4BB64
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:450ABF8D
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:322D2CD3
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:1C6CB897
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:19C3BC3A
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:1451DA58
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:E8B5993B
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:DE07EBE7
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D46ECFD5
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D0FE4463
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D055FC10
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:CF61CE5A
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:B9641B31
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:B18C4339
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:AEC895D8
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:76A59E49
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:3AED98EA
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:3790BACD
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:33DB8278
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:315B4A13
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:154D937E
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:0F0A5896
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:FFA09FC6
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:FEDC61E9
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:FA42DF8E
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:F42B5B0E
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:F33C37D5
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:E717F65C
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:E5A27FE4
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:DF0BC727
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C36B1175
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:B1FBA7E1
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:AC83EA04
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A2865730
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:8E7F155B
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:7C72DC93
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:7B52659E
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:769BCDC2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:708BB0FA
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:6D192E3A
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:67C9F690
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:672C5D08
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:62E3D006
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:621BEE66
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:4713D9E6
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:343BD036
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:2ABEB9EB
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:2A0793CA
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:1F4329D4
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:13FB6DB8
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:0F38F234
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:E412AAF2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:DE892EFB
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:DA9A5EA8
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:CF33321C
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:C8A7CF18
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:B19CC382
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:B156F3F2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:AA60673F
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:940ECC98
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:76FD34B7
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:6C651D63
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:6BF0805F
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:6B50A605
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:66D5476F
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:49B561E5
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:492679C1
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:48F5D95B
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:3E6C83B9
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:3C5ABDC7
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:30A9E86A
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:1538E964
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:150E156A
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:FEB0595A
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:FC8FFA4E
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:F8DCF908
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:ED810E46
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:D3CD6049
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:CF42D185
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:CA408490
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:BC38C00C
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:7AF9CAEB
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:7AA6FC81
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:7776B809
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:7624E8B8
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:6FDE1666
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:66AA0486
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:5EE1C11F

< End of report >
 


Here is the extras.text file:


OTL Extras logfile created on: 12/29/2011 6:29:16 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Specter\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16890)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.41 Mb Total Physical Memory | 467.91 Mb Available Physical Memory | 46.17% Memory free
2.94 Gb Paging File | 2.14 Gb Available in Paging File | 73.01% Paging File free
Paging file location(s): c:\pagefile.sys 2048 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.22 Gb Total Space | 80.44 Gb Free Space | 36.04% Space Free | Partition Type: NTFS
Drive D: | 9.67 Gb Total Space | 4.34 Gb Free Space | 44.91% Space Free | Partition Type: NTFS

Computer Name: C1PDWINVIS | User Name: Specter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = comfile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-238331562-2711603885-3829185935-1000]
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-238331562-2711603885-3829185935-500]
"EnableNotificationsRef" = 2

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002703DF-C79F-44EB-BE14-1C7131B1EA7E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{00578B90-85D7-4C03-B0D0-B658CC248A2D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{0936A1FC-995B-4F3F-BC22-95D795B5CA3E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0A3245FF-2CC7-4CE4-AEAA-F94C95C3FE4B}" = rport=139 | protocol=6 | dir=out | app=system |
"{0B5D7444-C0A1-49AD-B2CD-2713F52D9750}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0D5F684E-DEA1-4E5B-B499-337A37567ED7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{1580B776-E937-43B4-A892-D48BD2875E9B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1D66F100-CEDB-4384-8E50-5A8D149EBF56}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1DB38936-7077-4F35-90EB-7570FFE24368}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{26C3F530-EE83-4F3F-94B9-B13B602220AD}" = lport=138 | protocol=17 | dir=in | app=system |
"{54C1FC34-E3A2-42BE-9231-CFB9D0BDC811}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{5874284E-7E3F-48AA-BD43-465E08AAD090}" = rport=137 | protocol=17 | dir=out | app=system |
"{76E86A4E-CEFC-4214-A8B4-163343A129ED}" = lport=137 | protocol=17 | dir=in | app=system |
"{791315A7-2ECA-4FD9-BB16-512485413FC5}" = lport=46307 | protocol=6 | dir=in | name=limewire port |
"{7FC0DB44-B3EC-4814-AAA2-CBB9C64FF833}" = lport=41110 | protocol=6 | dir=in | name=utorrent |
"{8207F202-832E-49B9-A583-630A5DCD0DAF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{83E6CDF6-FC14-4D70-AC6E-518033CCEDC6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8E9E073E-3A88-46D1-B272-608CEEC73CA8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8F6DA964-697A-4C58-B765-0893A52A165A}" = lport=139 | protocol=6 | dir=in | app=system |
"{9019814E-2C0F-4DB6-98D2-D907BE523866}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9CD594CD-525C-4873-A947-46BF1F1EC317}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=c:\windows\system32\svchost.exe |
"{B5B66377-C2B5-419D-967B-1D3AD8F95D9D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B79F5C79-2B9B-4EBB-B6C9-039C1E95F81E}" = lport=445 | protocol=6 | dir=in | app=system |
"{BF27F24B-8F5F-41D4-A428-AAAEC895AD32}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BF35C96C-E3D6-474A-8695-8FE9372E171C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C4E70484-9096-4119-8915-549DDB130AE6}" = rport=445 | protocol=6 | dir=out | app=system |
"{CDD94389-268D-4785-9E81-06585842576B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E3A27A60-A0E4-4D79-A6FC-8BB0E8B24FC4}" = rport=138 | protocol=17 | dir=out | app=system |
"{EB885ACB-C1DE-4AC7-B5E7-19BD4483669C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F5BB2A54-81AE-46CD-B131-B18222E2F02D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01BBAB95-0D20-40C8-9211-E8033CAD0EB4}" = protocol=17 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"{0427AD37-92A5-452D-967A-0D9B8993F981}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{164B83AE-F7CF-475B-B5C4-8EFA24F424FF}" = protocol=1 | dir=in | [email protected],-28543 |
"{1C122AD6-06A6-4106-9E03-359C69AEFA04}" = protocol=17 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"{1FF2516B-5E75-40EE-B434-4B1F770EB979}" = protocol=1 | dir=out | [email protected],-28544 |
"{243EB089-83F4-4155-B503-3D5B3C0D7F01}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{24AE2B1A-0A58-4F16-8251-3284288B995B}" = protocol=1 | dir=in | [email protected],-28543 |
"{2793365A-373A-4D98-894C-2865114AD809}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2BC7AC16-D4C8-4FDB-9AC2-A4118DC5305A}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{32667F0D-B990-44B3-B524-AB22CC17D794}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{37DFE223-A3F7-4F41-9452-BCD32EF91B5A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{407F04D1-C18E-47D6-8029-F60A16D2F227}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{425DED66-9E22-4ED0-A8DF-E98642F2076E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{4881EF76-AD92-4DBA-91A6-14FE278AAE13}" = protocol=6 | dir=out | app=system |
"{56990D29-963E-4AF2-A588-E671473F45C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5A00EB59-6316-4E01-846F-EBF83B96468D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{5F1FE8AB-ABEA-4037-936C-F4935BF98C6A}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{623DBE3C-0085-4201-B6A6-91D8EAE82771}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6291FE2C-5131-4FE7-8DC0-13A166D47307}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{75BB47F1-4E5C-42E2-B797-B1EB93846C53}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{77B71C52-BA46-41F4-974D-7E42A92A2F4E}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{788DD1F8-F39E-40CA-B65A-D3F28AC7B9F8}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{82AEEE14-291D-4290-B0DA-81B25DD89ACA}" = protocol=1 | dir=out | [email protected],-28544 |
"{901ECE7C-436E-4FE4-A69A-8DD7C5B08B11}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{922C5DD5-E05F-4AA3-B9E6-CA44CC037634}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9EB5DD89-BDAE-42FD-A2C7-032A2A93F074}" = protocol=58 | dir=out | [email protected],-28546 |
"{A14EEEFA-9DA2-403F-96DF-B4144572F416}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A3802957-1D7A-40BB-9AEB-FBB246659BF4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5958463-3507-4E50-8F7C-FA687BA77A75}" = dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"{A6359B43-0B39-4A36-BAB7-723277A83052}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{AD470D81-E22F-421C-8B0C-B2D4D228D2BE}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{B66EBC7F-5C6B-4FE3-AC0B-35FB3F71335E}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{B9A7690C-E6D8-4CEC-9AF4-575DA62CA1C1}" = protocol=6 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"{BB080AE0-05C5-440F-996B-E0EBEAEA6549}" = protocol=58 | dir=out | app=system |
"{C059E5B8-D3F5-4CCB-8A57-DA77C8F3D2EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C6D1A67D-1871-404C-83D6-E25285BF5153}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CB10C519-9094-42D5-B0F8-7B618D54C5C9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CBB5CB24-F25E-4699-9C55-E5A36ECDE91D}" = protocol=6 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"{D2A6BDF0-F770-4730-B8A4-292425CD8436}" = protocol=58 | dir=in | [email protected],-28545 |
"{D2E15CFC-088E-4CFF-ADBE-41568152ED2A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D2EF1CDC-D238-4B21-9D69-CEA031EE159F}" = protocol=58 | dir=in | [email protected],-28545 |
"{D4ECB10E-90A3-4541-9A1C-2C3E7C3A05A8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DFAE53AD-AAA8-46C4-A968-1BB3032BEC2A}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{FCC7553C-4CD1-45BE-B04A-1F728BA3C260}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FEC34EE3-8CB4-4FB6-815E-BF01D3F23F10}" = protocol=58 | dir=out | [email protected],-28546 |
"{FF1B5A30-B565-422A-B184-6BD7CB36E175}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"TCP Query User{00999126-2964-4D72-82B0-F6CBDFEC585E}C:\users\specter\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\specter\program files\utorrent\utorrent.exe |
"TCP Query User{1C14DFBC-CF73-4F5D-935C-6D8CAE23480C}C:\users\specter\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\specter\program files\utorrent\utorrent.exe |
"TCP Query User{1C3C0240-346C-4494-9648-B65FECACA874}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{4B94E437-B119-4C33-9FD7-DA5F2AF8B995}C:\program files\soulseek\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek\slsk.exe |
"TCP Query User{72694265-ACC6-4CCE-8A47-EAACDFB4F59D}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
"TCP Query User{8ACDE373-BB52-4739-A5AE-294E958BEEBB}C:\windows\system32\electricsheep.scr" = protocol=6 | dir=in | app=c:\windows\system32\electricsheep.scr |
"TCP Query User{D9CFA30C-F6F1-4764-BEFB-C75CADD10B19}C:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"UDP Query User{2F3FCBEE-7BE7-4C48-BFF5-587F5E22564D}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |
"UDP Query User{48C4B30E-565B-40FE-B606-97649C43F695}C:\users\specter\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\specter\program files\utorrent\utorrent.exe |
"UDP Query User{8571F8F0-2B2F-4742-B8AE-C064E0A763FC}C:\users\specter\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\specter\program files\utorrent\utorrent.exe |
"UDP Query User{BA6555F7-ADE0-4E4D-BCF9-3C42CB1D1151}C:\windows\system32\electricsheep.scr" = protocol=17 | dir=in | app=c:\windows\system32\electricsheep.scr |
"UDP Query User{D0A8958F-4A06-4977-838E-A5301841DA4A}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{EDE4E291-C0D4-4C73-8E15-6AC54F3D86D7}C:\program files\soulseek\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek\slsk.exe |
"UDP Query User{EDEE3CEE-A393-4DF9-82AD-95374CBD77F3}C:\program files\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseekns\slsk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime
"{0C2AF762-0565-4C91-9F55-B8B53BB82A38}" = Microsoft Office Accounting 2008 Equifax Addin
"{0FADC5B1-E0E8-4DCA-A1BF-8B3B6496207A}" = Form Fill (Windows Live Toolbar)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1800_series" = Canon iP1800 series
"{1306C737-0AF4-46C7-B282-64E099304712}" = Smart Menus (Windows Live Toolbar)
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{270940EA-C235-40D9-B2AE-2D450356DF8E}" = Microsoft Office Accounting 2008
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{328420FA-7638-4AB1-81DF-E0FECEFF24E3}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{3A3532ED-A121-4297-AA4F-70B60E4BD631}" = Playalot Games
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{44C05309-60F4-410B-BC32-31733CFF1A41}" = Microsoft Digital Image Starter Edition 2006 Editor
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FE542EB-FF0B-4739-94DD-25C8AE0AB251}" = Microsoft Digital Image Starter Edition 2006 Library
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}" = Form Fill (Windows Live Toolbar)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{59932D51-F260-4EF6-A784-4F69659F1A62}" = Map Button (Windows Live Toolbar)
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = eMachines Recovery Center Installer
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117860440}" = Avenue Flo
"{84D67E65-18B5-4AED-8405-04FA3CD588EC}" = Highlight Viewer (Windows Live Toolbar)
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85B90D8C-70F3-4E84-BD31-5E9489C0F9FB}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FC46258-0843-4D79-B7F0-F2B82FE6173B}" = Apple Mobile Device Support
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91B3BEC8-748B-4912-82ED-29D38E140B2A}" = Linkit_eBay
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A31A5DFC-3439-48FC-99BB-5174168AE471}" = COMODO livePCsupport
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}" = Microsoft Office Accounting 2008 PayPal Addin
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D5EA1755-1899-4380-A4BA-83840648CBDA}" = Valued Opinions Technology Tracking Application
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}" = Microsoft Office Accounting 2008 Fixed Asset Manager
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = PS2 Multimedia Keyboard Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4 Elements_is1" = 4 Elements
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Aleks 3.12" = Aleks 3.12
"Aleks 3.8" = Aleks 3.8
"All Occasions EZ Cards" = All Occasions EZ Cards
"Aqua Pearls_is1" = Aqua Pearls
"Aquatic of Sherwood_is1" = Aquatic of Sherwood
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Babysitting Mania_is1" = Babysitting Mania
"BFG-Atlantis" = Atlantis
"BfgBar" = Big Fish Games Toolbar 2.0
"BFGC" = Big Fish Games: Game Manager
"BFG-Hidden Expedition - Titanic" = Hidden Expedition: Titanic™
"BFG-Lost in the City" = Lost in the City ™
"BFG-Magic Vines" = Magic Vines&trade;
"BFG-Mahjong Towers Eternity" = Mahjong Towers Eternity
"BFG-Megaplex Madness - Now Playing" = Megaplex Madness: Now Playing ™
"BFG-Mystery Case Files - Huntsville" = Mystery Case Files: Huntsville ™
"BFG-Mystery Stories - Mountains of Madness" = Mystery Stories - Mountains of Madness
"BFG-Spa Mania" = Spa Mania
"BFG-Treasure Seekers - Visions of Gold" = Treasure Seekers: Visions of Gold ™
"Bubble Ice Age_is1" = Bubble Ice Age
"BusinessCardsMX3_is1" = BusinessCardsMX 3.92
"Cave Days_is1" = Cave Days
"CloneCD" = CloneCD
"CNXT_MODEM_PCI_HSF" = Soft Data Fax Modem with SmartCP
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Dairy Dash_is1" = Dairy Dash
"Desktop Icon Toy_is1" = Desktop Icon Toy 4.0
"DragonStone" = DragonStone (remove only)
"EasyCalendarMaker_is1" = EasyCalendarMaker
"ESET Online Scanner" = ESET Online Scanner v3
"exent_466550" = The Treasures of Montezuma
"exent_595050" = Discovery! A Seek and Find Adventure
"exent_629350" = Virtual Villagers 2: The Lost Children
"Family Restaurant Free Trial_is1" = Family Restaurant Free Trial
"Farmers Market_is1" = Farmers Market
"FarmFrenzyPizzaParty" = FarmFrenzyPizzaParty (remove only)
"Feedback Analyzer2.0.1.2" = Feedback Analyzer
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Fishdom Free Trial_is1" = Fishdom Free Trial
"GameHouse" = GameHouse
"Gold Miner: Vegas" = Gold Miner: Vegas
"Google Desktop" = Google Desktop
"HaaliMkx" = Haali Media Splitter
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Heartwild Solitaire" = Heartwild Solitaire
"InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"Interpol 2: Most Wanted" = Interpol 2: Most Wanted (remove only)
"iWinArcade" = iWin Games (remove only)
"Jane's Hotel. Family Hero_is1" = Jane's Hotel. Family Hero
"Jane's Hotel_is1" = Jane's Hotel
"Jenkat Games Arcade" = Jenkat Games Arcade
"Kasamba Communication Suite" = Kasamba Communication Suite
"king.com" = king.com (remove only)
"Luxor" = Luxor (remove only)
"Magic Academy_is1" = Magic Academy
"Magic Farm_is1" = Magic Farm
"Magic Inlay_is1" = Magic Inlay
"Magic Match The Genies Journey_is1" = Magic Match The Genies Journey
"Magic Shop_is1" = Magic Shop
"Magic Tale_is1" = Magic Tale
"Mah Jong Adventures_is1" = Mah Jong Adventures
"Mahjong Garden To Go_is1" = Mahjong Garden To Go
"Mahjong Roadshow_is1" = Mahjong Roadshow
"Mahjongg Investigations_is1" = Mahjongg Investigations
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Marblez_is1" = Marblez
"MaxGammon_is1" = MaxGammon
"MegaStat 9.1" = MegaStat 9.1
"MegaStat Excel 2007" = MegaStat Excel 2007
"Microsoft Office Accounting 2008" = Microsoft Office Accounting 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mind Your Marbles_is1" = Mind Your Marbles
"Miriel The Magical Merchant_is1" = Miriel The Magical Merchant
"mirielsenchantedmystery" = Miriel's Enchanted Mystery
"Money2006b" = Microsoft Money 2006
"Mortimer and the Enchanted Castle_is1" = Mortimer and the Enchanted Castle
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"MUSHclient" = MUSHclient (remove only)
"Mystery Case Files Huntsville_is1" = Mystery Case Files Huntsville
"Mystery Case Files Madame Fate_is1" = Mystery Case Files Madame Fate
"Mystery Cookbook_is1" = Mystery Cookbook
"Mystery Stories Island of Hope" = Mystery Stories Island of Hope (remove only)
"Mysteryville 2_is1" = Mysteryville 2
"Mysteryville_is1" = Mysteryville
"NeroVision!UninstallKey" = Ahead NeroVision Express
"NetSight" = Nielsen//NetRatings
"Orchard" = Orchard
"Pastry Passion Free Trial_is1" = Pastry Passion Free Trial
"Pastry Passion_is1" = Pastry Passion
"PictureItSuiteTrial_v12" = Microsoft Digital Image Starter Edition 2006
"Posh Boutique Free Trial_is1" = Posh Boutique Free Trial
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealArcade" = RealArcade
"RealPlayer 12.0" = RealPlayer
"Resource Tuner_is1" = Resource Tuner 1.99
"Sandlot Games Client Services_is1" = Sandlot Games Client Services
"Shape Solitaire_is1" = Shape Solitaire
"SkillJam SecurePlayer" = Secure Game Player
"Snow Ball_is1" = Snow Ball
"Solitaire Epic" = Solitaire Epic
"Soulseek" = SoulSeek Client 156c
"Soulseek2" = SoulSeek 157 NS 13
"Sproink" = Sproink (remove only)
"STANDARDR" = Microsoft Office Standard 2007 Trial
"Strange Cases The Tarot Card Mystery 1.00" = Strange Cases The Tarot Card Mystery 1.00
"SupermarketMania" = SupermarketMania (remove only)
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"Total Network Monitor_is1" = Total Network Monitor 1.0.1 (build 1100)
"Turbo Subs" = Turbo Subs (remove only)
"Video Poker/Video Blackjack" = Video Poker/Video Blackjack
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 0.9.6
"WildTangent emachines Master Uninstall" = eMachines Games
"WildTangent gateway Master Uninstall" = Gateway Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Winter Wonderland (Diner Dash Hometown Hero - Gourmet)" = Winter Wonderland (Diner Dash Hometown Hero - Gourmet)
"WM Recorder 11.3" = WM Recorder 11.3
"Xvid_is1" = Xvid 1.1.2 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! IE Suggest" = Yahoo! IE Search Suggest
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Mythic Adventure" = Mythic Adventure
"Sun Download Manager 2.0 (web)" = Sun Download Manager 2.0 (web)
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/26/2011 12:22:22 AM | Computer Name = C1PDWINVIS | Source = Chrome | ID = 1
Description =

Error - 12/26/2011 5:24:41 PM | Computer Name = C1PDWINVIS | Source = Application Error | ID = 1000
Description = Faulting application NielsenOnline.exe, version 5.2.0.5, time stamp
0x49a5d17b, faulting module npap.dll, version 5.2.7.32, time stamp 0x4d5edab4,
exception code 0xc0000005, fault offset 0x0005057b, process id 0xdd0, application
start time 0x01ccc40efb7877c9.

Error - 12/27/2011 5:49:44 PM | Computer Name = C1PDWINVIS | Source = Chrome | ID = 1
Description =

Error - 12/27/2011 7:53:21 PM | Computer Name = C1PDWINVIS | Source = Chrome | ID = 1
Description =

Error - 12/28/2011 8:44:27 AM | Computer Name = C1PDWINVIS | Source = Application Error | ID = 1000
Description = Faulting application NielsenOnline.exe, version 5.2.0.5, time stamp
0x49a5d17b, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x020c0dc0, process id 0xc24, application start time
0x01ccc55968d2006c.

Error - 12/28/2011 8:49:22 AM | Computer Name = C1PDWINVIS | Source = Chrome | ID = 1
Description =

Error - 12/28/2011 8:56:11 AM | Computer Name = C1PDWINVIS | Source = Chrome | ID = 1
Description =

Error - 12/29/2011 3:28:10 AM | Computer Name = C1PDWINVIS | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Users\Specter\Downloads\msert.exe".Error
in manifest or policy file "C:\Users\Specter\Downloads\msert.exe" on line 0. Invalid
Xml syntax.

Error - 12/29/2011 5:25:21 AM | Computer Name = C1PDWINVIS | Source = Chrome | ID = 1
Description =

Error - 12/29/2011 5:32:40 PM | Computer Name = C1PDWINVIS | Source = Application Error | ID = 1000
Description = Faulting application NielsenOnline.exe, version 5.2.0.5, time stamp
0x49a5d17b, faulting module npap.dll, version 5.2.7.32, time stamp 0x4d5edab4,
exception code 0xc0000005, fault offset 0x0005057b, process id 0xc88, application
start time 0x01ccc660245128c3.

[ Media Center Events ]
Error - 12/5/2008 2:54:59 PM | Computer Name = C1PDWINVIS | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/8/2009 5:14:26 PM | Computer Name = C1PDWINVIS | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 4/30/2009 12:18:45 AM | Computer Name = C1PDWINVIS | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 7/11/2009 9:00:24 AM | Computer Name = C1PDWINVIS | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
try to ping MSN.com prior to filing a bug.; Win32 GetLastError returned 10000109
Process: DefaultDomain Object Name: Media Center Guide

[ OSession Events ]
Error - 1/3/2009 1:03:48 AM | Computer Name = C1PDWINVIS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 166
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/27/2009 1:53:50 PM | Computer Name = C1PDWINVIS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 33
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/11/2011 3:01:25 AM | Computer Name = C1PDWINVIS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12014
seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/29/2011 2:59:23 AM | Computer Name = C1PDWINVIS | Source = PlugPlayManager | ID = 12
Description = The device 'Multimedia Card Reader' (USB\VID_058F&PID_6377\920321111113)
disappeared from the system without first being prepared for removal.

Error - 12/29/2011 2:59:23 AM | Computer Name = C1PDWINVIS | Source = PlugPlayManager | ID = 12
Description = The device 'Generic USB SD Reader USB Device' (USBSTOR\Disk&Ven_Generic&Prod_USB_SD_Reader&Rev_1.00\920321111113&0)
disappeared from the system without first being prepared for removal.

Error - 12/29/2011 2:59:23 AM | Computer Name = C1PDWINVIS | Source = PlugPlayManager | ID = 12
Description = The device 'Generic USB CF Reader USB Device' (USBSTOR\Disk&Ven_Generic&Prod_USB_CF_Reader&Rev_1.01\920321111113&1)
disappeared from the system without first being prepared for removal.

Error - 12/29/2011 2:59:23 AM | Computer Name = C1PDWINVIS | Source = PlugPlayManager | ID = 12
Description = The device 'Generic USB SM Reader USB Device' (USBSTOR\Disk&Ven_Generic&Prod_USB_SM_Reader&Rev_1.02\920321111113&2)
disappeared from the system without first being prepared for removal.

Error - 12/29/2011 2:59:23 AM | Computer Name = C1PDWINVIS | Source = PlugPlayManager | ID = 12
Description = The device 'Generic USB MS Reader USB Device' (USBSTOR\Disk&Ven_Generic&Prod_USB_MS_Reader&Rev_1.03\920321111113&3)
disappeared from the system without first being prepared for removal.

Error - 12/29/2011 3:28:16 PM | Computer Name = C1PDWINVIS | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:26:27 PM on 12/29/2011 was unexpected.

Error - 12/29/2011 3:29:30 PM | Computer Name = C1PDWINVIS | Source = Service Control Manager | ID = 7023
Description =

Error - 12/29/2011 3:29:30 PM | Computer Name = C1PDWINVIS | Source = Service Control Manager | ID = 7000
Description =

Error - 12/29/2011 6:55:04 PM | Computer Name = C1PDWINVIS | Source = Service Control Manager | ID = 7023
Description =

Error - 12/29/2011 6:55:04 PM | Computer Name = C1PDWINVIS | Source = Service Control Manager | ID = 7000
Description =


< End of report >
 

My Computer

Thanks for posting those. There are some issues. While I sort them out: I have seen evidence of McAfee and Avira. Also, the Malwarebytes is not the latest version. I need to know if you have McAfee and Avira both active at the same time. If so, disable one of them. Then I want you to go and get the latest free Malwarebytes (mbam) update and do a full scan in normal mode. Do not remove anything, but post the log here for us to look at first. Malwarebytes: Malwarebytes Anti-Malware PRO removes malware including viruses, spyware, worms and trojans, plus it protects your computer. This has the latest version; make sure you update it, then please run it, then post the text log of its results.

P2P Warning

P2P file sharing programs (uTorrent, BitTorrent, Vuze, LimeWire, Kazaa, etc.) need to be avoided to reduce the risk of infection. When visiting file sharing sites you usually get more than you intend to; these downloads are commonly laced with infections with varying effects - allowing remote access to your computer and stealing passwords being the most common.

Many underground websites that host cracks or keygens can be equally bad. Not only can the downloads be infected, but innocent-looking banners can contain malicious Flash code that installs malware on your system. These files are also illegal.

Should you continue to use these websites/software after my assistance, then there is a very high chance you will get infected again - putting your files and passwords at stake. Just ask yourself: is it really worth the risk?
 

My Computer

I am only using Avira at this time. Here is the Malwarebytes log. And the uTorrent thing was used by my son; I don't use it.


Malwarebytes Anti-Malware 1.60.0.1800
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: v2011.12.31.04

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16890
Specter :: C1PDWINVIS [administrator]

12/31/2011 9:34:43 AM
mbam-log-2011-12-31 (09-34-43).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 513198
Time elapsed: 2 hour(s), 57 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

My Computer

Thank you for that log. Would you do the following for me please: HijackThis

Please download HijackThis from Trend Micro - HijackThis

Click on the "Do a system scan and save a log file" button. Attach the log with your next post.
 

My Computer

Sometimes you can get rid of these by just doing a system restore.
 

My Computer

System One

  • Operating System
    Vista Home Premium 64 bit SP2
    Manufacturer/Model
    Cyberpower
    CPU
    Intel Quad CPU Q6700 2.67 GHZ
    Motherboard
    NVIDIA 780i
    Memory
    4 GB
    Graphics Card(s)
    MSI GTX 560 TI Twin Frozr
    Sound Card
    Sound Blaster SB Audigy
    Monitor(s) Displays
    Viewsonic VG2436
    Screen Resolution
    1920x1080p
    Hard Drives
    Samsung HD 105SI
    WDC WD20
    Case
    Apevia XJupiter
    Cooling
    air
    Keyboard
    Logitech MX 3200
    Mouse
    Logitech MX 600
    Internet Speed
    30 Mbps
Please download ComboFix from any of the links below, and save it to your desktop. <-- Important
Link 1
Link 2
Link 3

Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with background protection) as they may hinder the scanner from working.

This includes Antivirus, Firewall, and any Spyware scanners that run in the background.
  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
Please be patient while the scan runs, at times it may appear to stall.
When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.
After rebooting ensure your Security applications have been re-enabled.

In your next reply post:
ComboFix.txt
New HJT log taken after the above scan has run
***A guide and tutorial on "How to use Combofix" can be found here:
A guide and tutorial on using ComboFix

IF CF won't run:
During the download, rename Combofix.exe to sVchost.exe

*** you will need to right click and run HJT as Administrator http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php
 

My Computer

System One

  • Manufacturer/Model
    Bruce ... somewhere in his 40's
    CPU
    Intel(R) Core(TM)2 Quad CPU
    Motherboard
    INTEL/D975XBX2
    Memory
    4 GB
    Graphics Card(s)
    ATI Radeon HD 2600 Pro
    Monitor(s) Displays
    Samsung SyncMaster 914v
    Screen Resolution
    1280 x 1024
    Hard Drives
    2/500GB each ... ST3500630AS ATA Device.
    One is not connected
    PSU
    Rocketfish 700 W
    Case
    G.Skill Gigabyte Chassis
    Keyboard
    Standard PS/2 Keyboard
    Mouse
    Microsoft PS/2 Mouse
    Internet Speed
    DSL
    Other Info
    ATI HDMI Audio
ComboFix is not letting me do anything. It brings up a little box that says administrator on it, looks like it is extracting something, then disappears. Another box pops up saying I cannot rename it, to find a different name, and then that box disappears. How do I rename it and how do I get the box to stay on my pc long enough to do something?
 

My Computer

combofix.txt:


ComboFix 12-01-02.01 - Specter 01/02/2012 5:47.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1013.275 [GMT -7:00]
Running from: c:\users\Specter\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\windows
c:\users\Specter\Activate.exe
c:\users\Specter\AppData\Local\.#
c:\users\Specter\AppData\Local\.#\MBX@1160@A22728.###
c:\users\Specter\AppData\Local\.#\MBX@1160@A22758.###
c:\users\Specter\AppData\Roaming\.#
c:\users\Specter\AppData\Roaming\.#\MBX@11A0@392918.###
c:\users\Specter\AppData\Roaming\.#\MBX@11A0@392948.###
c:\users\Specter\AppData\Roaming\.#\MBX@11A0@392978.###
c:\windows\system32\CF26612.exe
c:\windows\system32\images
c:\windows\system32\images\w3.jpg
c:\windows\XSxS
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-12-02 to 2012-01-02 )))))))))))))))))))))))))))))))
.
.
2012-01-02 13:01 . 2012-01-02 13:04 -------- d-----w- c:\users\Specter\AppData\Local\temp
2012-01-02 13:01 . 2012-01-02 13:01 -------- d-----w- c:\users\Tali's account\AppData\Local\temp
2012-01-02 13:01 . 2012-01-02 13:01 -------- d-----w- c:\users\Julie\AppData\Local\temp
2012-01-02 13:01 . 2012-01-02 13:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-30 00:40 . 2011-12-30 00:40 102400 ----a-w- c:\windows\RegBootClean.exe
2011-12-22 14:50 . 2010-10-05 00:55 556032 ----a-w- c:\program files\Mozilla Firefox\components\nsgkff20_meter9.dll
2011-12-14 21:38 . 2011-12-14 21:38 644368 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 22:24 . 2010-07-17 01:43 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2007-08-13 00:01 . 2007-08-13 00:01 774144 ----a-w- c:\program files\RngInterstitial.dll
2009-01-01 00:50 . 2007-11-26 02:45 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-01-01 00:50 . 2007-11-26 02:45 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-01 00:50 . 2007-11-26 02:45 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2010-10-05 00:55 . 2011-12-22 14:50 556032 ----a-w- c:\program files\mozilla firefox\components\nsgkff20_meter9.dll
2009-01-01 00:50 . 2007-11-26 02:45 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-01-01 00:50 . 2007-11-26 02:45 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DummyIconOverlay]
@="{B8A03725-03B9-485F-BB22-E848799D4C2A}"
[HKEY_CLASSES_ROOT\CLSID\{B8A03725-03B9-485F-BB22-E848799D4C2A}]
2010-02-10 17:04 72704 ----a-w- c:\users\Specter\AppData\Local\Valued Opinions\PanelApp\pahelper_1401.2010.0128.1601.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"DesktopIconToy"="c:\program files\Desktop Icon Toy\DesktopIconToy.exe" [2009-12-23 454656]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2011-06-08 822456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-12-12 98304]
"NielsenOnline"="c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2009-02-25 45056]
"AutoEJCD_0ACE20FF"="c:\program files\AutoInstall\AR9170_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE" [2010-08-19 40960]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-25 981680]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2010-07-18 1774080]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-10-07 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BigFix.lnk]
backup=c:\windows\pss\BigFix.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Specter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Connect Kasamba.lnk]
backup=c:\windows\pss\Connect Kasamba.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Specter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
path=c:\users\Specter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
backup=c:\windows\pss\iWin Desktop Alerts.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Specter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^mbam-setup.exe]
path=c:\users\Specter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mbam-setup.exe
backup=c:\windows\pss\mbam-setup.exe.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 18:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2010-11-03 16:21 281768 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
2006-11-07 22:08 547840 ----a-w- c:\windows\zHotkey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2006-09-28 19:21 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2006-11-02 12:35 125440 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Exetender]
2010-07-18 17:54 1774080 ----a-w- c:\program files\Free Ride Games\GPlayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
2007-05-30 07:28 1986608 ----a-w- c:\program files\FlashGet\flashget.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2007-02-16 21:59 240640 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-09-24 04:37 133104 ----atw- c:\users\Specter\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-09-26 00:52 50736 ----a-w- c:\program files\Common Files\AOL\1181340694\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2006-12-12 18:03 106496 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-12-12 18:02 98304 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-06-28 15:14 270648 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jenkat Arcade]
2010-10-07 10:31 221184 ----a-w- c:\users\Specter\AppData\Roaming\Jenkat\Jenkat Games Arcade\NotifyApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2011-12-25 00:50 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-12-25 00:50 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModPS2]
2006-11-07 22:34 53248 ----a-w- c:\windows\ModPS2Key.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PanelApp]
2009-09-14 21:56 31232 ----a-w- c:\users\Specter\AppData\Local\Valued Opinions\PanelApp\PanelApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-12-12 18:02 81920 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-04-27 15:41 282624 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Qwest 11n Wireless WPS Tool]
2010-04-23 16:34 1191936 ----a-w- c:\program files\Qwest 11n Wireless WPS Tool\WpsCenterV.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd]
2005-01-27 17:13 36864 ----a-w- c:\windows\ShowWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRS Audio Sandbox]
2008-12-09 04:35 481280 ----a-w- c:\program files\SRS Labs\Audio Sandbox\srsssc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 19:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-12-26 10:25 4616064 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-16 08:13 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-01-10 17:37 274608 ----a-w- c:\program files\Real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2006-04-29 13:21 94208 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2007-06-17 20:30 1006264 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 12:36 201728 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"G2"="c:\program files\GamingSquared\Gaming2\G2.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-238331562-2711603885-3829185935-1000]
"EnableNotificationsRef"=dword:00000002
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-238331562-2711603885-3829185935-500]
"EnableNotificationsRef"=dword:00000002
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 135664]
R2 X4HSX32Ex;X4HSX32Ex;c:\program files\Free Ride Games\X4HSX32Ex.Sys [x]
R3 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-10-07 116608]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R3 AutoInstallEJCD;Auto Install Eject CD Service;c:\users\Specter\AppData\Local\Temp\RarSFX1\AutoInstallEJCDSVC.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 135664]
R3 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [2010-07-07 176408]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [x]
R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 PanelSvc;PanelSvc;c:\program files\Valued Opinions\PanelApp\PanelSvc.exe [2009-09-14 90624]
R3 QW720V32;Qwest 802.11n XN720 Driver(vista);c:\windows\system32\DRIVERS\WLANUHN.sys [2010-04-23 449536]
R4 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-19 148744]
S0 AFS;AFS; [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-01-18 64160]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-12-08 639224]
S1 nnfwdk;Nielsen WFP Driver;c:\program files\NetRatingsNetSight\NetSight\meter9\nnfwdk.sys [2010-10-05 22064]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-10-07 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-10-07 67664]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-30 136360]
S2 NielsenUpdate;Nielsen Update;c:\program files\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2011-05-04 306496]
S2 X4HSEx;X4HSEx;c:\program files\Free Ride Games\X4HSEx.Sys [2010-03-11 56352]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 23:00]
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 23:00]
.
2012-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-238331562-2711603885-3829185935-1000Core.job
- c:\users\Specter\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-24 04:37]
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-238331562-2711603885-3829185935-1000UA.job
- c:\users\Specter\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-24 04:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.trafficswarm.com/cgi-bin/swarm.cgi?704834&2d68374132e7e862d4931143b094c5cf
mStart Page = hxxp://www.yahoo.com
mWindow Title = Windows Internet Explorer provided by Comcast
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: worldwinner.com\%20www
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
DPF: {15589FA1-C456-11CE-BF01-000000000000} - hxxp://www.errornuker.com/products/errn2004/installers/default/ErrorNukerInstaller.exe
FF - ProfilePath - c:\users\Specter\AppData\Roaming\Mozilla\Firefox\Profiles\ulglzdpz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=524517&p=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - (no file)
WebBrowser-{A057A204-BACC-4D26-9A9E-3AF287E2699B} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
MSConfigStartUp-BigFix - c:\program files\Bigfix\bigfix.exe
MSConfigStartUp-ddoctorv2 - c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe
MSConfigStartUp-DXDllRegExe - dxdllreg.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe
MSConfigStartUp-Performance Center - c:\program files\Ascentive\Performance Center\APCMain.exe
MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
AddRemove-BFG-Treasure Seekers - Visions of Gold - c:\program files\Treasure Seekers - Visions of Gold\Uninstall.exe
AddRemove-Feedback Analyzer2.0.1.2 - c:\windows\AuctionYen\uninstall.exe
AddRemove-Video Blackjack - c:\program files\Cosmi\VPB\DeIsL1.isu
AddRemove-Zuma Deluxe 1.0 - c:\program files\PopCap Games\Zuma Deluxe\PopUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-01-02 06:03
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-01-02 06:09:09
ComboFix-quarantined-files.txt 2012-01-02 13:09
.
Pre-Run: 86,020,603,904 bytes free
Post-Run: 87,086,903,296 bytes free
.
- - End Of File - - 686AFC6DB5C42F5B854EEFCADA5956CE


HJT log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:21:26 AM, on 1/2/2012
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\AutoInstall\AR9170_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Specter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Specter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Specter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Specter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Specter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = A Swarm of Free Traffic to Your Site Guaranteed! Get Targeted Free Advertising with TrafficSwarm.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Internet Explorer 6 Search Companion is no longer supported.
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Big Fish Games Toolbar - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Big Fish Games Toolbar - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
O4 - HKLM\..\Run: [AutoEJCD_0ACE20FF] C:\Program Files\AutoInstall\AR9170_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE /VID=0ACE /PID=20FF
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DesktopIconToy] C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/errn2004/installers/default/ErrorNukerInstaller.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) -
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Auto Install Eject CD Service (AutoInstallEJCD) - Unknown owner - C:\Users\Specter\AppData\Local\Temp\RarSFX1\AutoInstallEJCDSVC.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: Nielsen Update (NielsenUpdate) - The Nielsen Company - C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
O23 - Service: PanelSvc - Unknown owner - C:\Program Files\Valued Opinions\PanelApp\PanelSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9950 bytes
 


I cannot get my Avira to open so that I can turn it back on. I have double clicked on it, right clicked and open, and clicked on run as administrator, and nothing is working. Help.
 

