juliofelipe

Honorary Members
  • Posts

    31

Everything posted by juliofelipe

  1. Cool. I ran those couple of things and I installed the programs that you suggested. Thanks again for all of your help. You are much appreciated. JF
  2. Nope - I think we're all good. Thanks so much for all of your help. JF
  3. I think that might have fixed the pop-up issue. Here's the log from AdwCleaner.
  4. Yay! I can see my photo and video files. When I plugged the camera back in, the files were visible but were that light semi-transparent look - like when you are going to cut a file/folder before pasting it somewhere else. But when I ran the attrib command, the folders looked solid again. Thanks! I updated Java and Adobe Reader, so that is taken care of. Below is the log from OTL. One other thing I want to bring up. I'm starting to get pop-ups on my browser (Firefox) and I've never had a problem with unwanted pop-ups. Now every so often I click a link and a blank pop-up page comes up, and the link I had clicked didn't go through. So, I have to close the pop-up window and then click the link again to get to the page I wanted. When I clicked the link to download the Adobe Reader update, I got this pop-up instead. Here is the address that appeared on that pop-up - http://serve.bannersdontwork.com/serve?size=800x600&referer=adobe.com&m=false. Thanks! JF

     ========== OTL ==========
     C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U folder moved successfully.
     C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L folder moved successfully.
     C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} folder moved successfully.
     ========== COMMANDS ==========

     OTL by OldTimer - Version 3.2.69.0 log created on 04012013_112119
  5. Part 2 - Here is the Extras output file.
Adobe Photoshop CS2 Functional Content "{2ECE7ECE-D15B-4999-8B8D-01C998F489D5}" = Adobe Encore DVD 2.0 "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager "{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in "{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper "{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver "{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper "{3C5F1B30-B10B-4579-86DD-D00F662E1033}" = Nero 8 "{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap "{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works "{4545A088-CCEF-43C2-8840-B34B04594FA6}" = USB CDC Device Driver "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 1.0 "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B9B1B84-FEC0-46D5-BDB9-832565779422}" = CheckIt Diagnostics "{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper "{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.091 "{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1 "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero 
ControlCenter 10 Help (CHM) "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder "{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{57922B53-02D4-4DFC-AC24-A3519DC1F49A}" = Adobe Premiere Pro FC "{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper "{619B8475-0F48-41B7-A370-5147F7092989}" = Virtual Earth 3D (Beta) "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler "{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12 "{6C91041E-406E-C082-0D03-75D4BC9C6CB0}" = Picaboo X "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{6EC0A77B-AFAF-4B9A-A2AF-412589CF5FF6}" = Eudora "{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}" = PaperPort Image Printer "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset "{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1 "{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK "{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English "{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software "{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig "{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up "{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10 "{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{87FF0E39-8490-4EB4-A557-FF12F712EF7E}" = TurboTax 2010 wcaiper "{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine "{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset 
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D15E1B2-D2B7-4A17-B44B-D2DDE5981405}" = SaveVid Plug-in "{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer "{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3 "{998AD896-5B25-466D-8D56-CC0CC9228A68}" = Adobe Audition 2.0 Loopology Content "{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime "{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = Microsoft Office 2003 Edition 60 Days Trial Welcome Tour "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine "{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAB061B3-99A6-4EE5-93F4-6EB1F60295C4}" = Adobe Production Studio "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10 "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio "{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4) "{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0 "{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006 "{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers "{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy "{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper 
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport "{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3 "{B74D4E10-0000-0000-0000-EDED00000102}" = Adobe ExtendScript Toolkit 1.0 "{B7607FC8-72AD-486D-B6B7-A402D5876309}" = PerfectDisk 11 Professional "{B9242864-2841-4ADE-86E0-8F90F91B04DD}" = Logitech Gaming Software "{B9273566-6E0A-4A87-AABB-08A0733ECE8E}" = MEET MANAGER 2.0 for Track & Field "{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C4186C0D-FB9F-5D83-21FB-A737A13EFAE6}" = AMD Catalyst Install Manager "{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Seagate DiscWizard "{C89269D9-DD02-45DD-99DD-6AE592F6C447}" = TurboTax 2011 wcaiper "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update "{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2095DFD-9022-4995-9A7A-CC9212837D29}" = calibre "{D52ECEBC-9B20-41A5-81C4-A62DE2367419}" = Adobe Creative Suite "{D7D38949-8251-4F07-BC2C-AA767308010B}" = TMPGEnc Authoring Works 4 "{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1" = HP Support Overview "{DA15D535-5E1D-4076-B520-8571346D6238}" = Norton Security Scan "{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp "{DD362256-A7A2-4524-9457-213DDC2AFC2A}" = Adobe After Effects 7.0 "{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support "{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine 
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp "{E722A962-E87D-CB6B-EB1E-27AD13D0F577}" = AMD Parental Control & Encoder "{E7300AF3-DD5B-4E86-A291-7631BE0C62C7}" = Giganews Accelerator "{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper "{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks "{EC1963C6-8EA9-40DF-8CD7-F63E174FCAEC}" = Adobe After Effects 7.0 Functional Content "{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper "{EFD2807A-C66B-4C13-8FB8-42FCA6DEF171}" = TurboTax 2012 wcaiper "{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine "{F0E8F94D-6E68-4B35-92DF-3AA6DC6A6768}" = Safari "{F5F5ABB8-87EA-47A7-8CC6-E68AFC2D3BC0}" = TMPGEnc Sound Player "{F6F6C08A-ED6F-4968-8292-A08E9F02584F}" = Adobe Encore DVD FC "{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive "{F97B750E-554D-4194-BF3F-41EA91389E10}" = ArcSoft TotalMedia Extreme "{FA17A726-B229-4116-B793-A2AB1A4EAE2E}" = Adobe Premiere Pro 2.0 "{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset "{FC5495CB-CDA5-4DCE-99DF-D1567DAF5A86}" = TMPGEnc 4.0 XPress "{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "045C89A0-CA37-443C-8826-F750227DE69C" = Shooting Stars Pool from Compaq (remove only) "05E21449-3BA3-42BF-BBDA-95205F4EA40A" = Polar Bowler from Compaq (remove only) "0BD36D37-C5D7-4B96-B64A-CB2C3A82EC4D" = Zuma Deluxe from Compaq (remove only) "12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic "29FF6D07-4A15-41F1-9D5E-E0F3A58012C6" = Bounce Symphony from Compaq (remove only) "3330A279-CC39-4A17-AE19-DA464B26AD9A" = Polar Golfer from Compaq (remove only) "3B3B73D1-DC4A-4780-B0E4-E823D08B3397" = 5 Card Slingo from Compaq (remove only) "422C7575-C10D-4795-87FA-9972765379E6" = Mah Jong Quest from Compaq (remove only) "45A7283175C62FAC673F913C1F532C5361F97841" = Windows 
Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0) "52AEBC18-F252-4B0C-B3E1-724537D9F873" = Ricochet Lost Worlds from Compaq (remove only) "53474592-01BC-4338-8647-FE350957D912" = Barnyard Invasion from Compaq (remove only) "5AF1DD17-7B06-45EF-8592-2E524E458BAB" = Insaniquarium Deluxe from Compaq (remove only) "63E4EC24-7173-4E1F-9C77-B4403CBCF91F" = Lemonade Tycoon 2 from Compaq (remove only) "66195170-D19D-46C5-8FB7-8A4630071ADC" = Tradewinds from Compaq (remove only) "75528D5F-DD82-402E-BA7C-045B7DC6A712" = Blasterball 2 from Compaq (remove only) "82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2007 "85CF9BF3-1057-468C-962D-31BAABC6AC72" = FATE from Compaq (remove only) "8D11F98B-4931-44F6-8FC6-971CCBBBB131" = Snowboard SuperJam from Compaq (remove only) "9448DE42-C017-4A3E-A0BB-C50BF673E9E0" = Chuzzle Deluxe from Compaq (remove only) "997DD523-B925-4C73-970B-C201E8F781AD" = AstroPop Deluxe from Compaq (remove only) "9D7E7CDA-051E-4B0D-8CEE-58F41F449CF9" = Blasterball 2 Remix from Compaq (remove only) "AC3ACM" = AC-3 ACM Codec "Adobe AIR" = Adobe AIR "Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11 "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem "Allok 3GP PSP MP4 iPod Video Converter_is1" = Allok 3GP PSP MP4 iPod Video Converter 4.1.0422 "Allok Video Joiner_is1" = Allok Video Joiner 3.3.1116 "ATI Display Driver" = ATI Display Driver "AutoGK" = Auto Gordian Knot 2.40 "AVI Joiner_is1" = AVI Joiner "AVI Splitter_is1" = AVI Splitter "Avi2Dvd" = Avi2Dvd 0.4.4 beta "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AviSynth" = AviSynth 2.5 "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3 "AVS4YOU 
Video Converter 6_is1" = AVS Video Converter 6 "AwayMode160" = Microsoft Away Mode "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto "BBCBAA5D-AC5A-4098-A53E-EC60A68F38F9" = Shrek 2 Ogre Bowler from Compaq (remove only) "BBE9E0F3-11F7-4424-9905-8E0153E872C1" = Family Feud "BFAF1EEC-E987-415B-BCB8-80CDB0BC6CDF" = Blackhawk Striker 2 from Compaq (remove only) "C43D84CD-EBFC-48D3-A330-7868C8AD415A" = Crystal Maze from Compaq (remove only) "C6D35CCA-3F9E-4B6E-A17F-409EE7379D6B" = Boggle Supreme from Compaq (remove only) "CalorieKing Nutrition and Exercise Manager" = CalorieKing Nutrition and Exercise Manager (remove only) "CalorieKing.com Diet Diary for PalmOS" = CalorieKing.com Diet Diary for PalmOS "CCleaner" = CCleaner (remove only) "com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1" = Picaboo X "Coupon Companion" = Coupon Companion "D84AC71A-75E8-4709-8BA5-4B46EAC00C5E" = Bejeweled 2 Deluxe from Compaq (remove only) "DE87FA96-7840-420C-86F9-33F3B7B3CED1" = Super Granny from Compaq (remove only) "DISCover" = DISCover "DVD Shrink_is1" = DVD Shrink 3.2 "DVDFab 8_is1" = DVDFab 8.0.2.2 (01/10/2010) "DVDx_is1" = DVDx "E1A0F769-A43A-4DDB-9F73-12791E453557" = Puzzle Express from Compaq (remove only) "E618FC78-EE4F-4243-8409-078EB5E0B1F6" = Bookworm Deluxe from Compaq (remove only) "ERUNT_is1" = ERUNT 1.1j "ESET Online Scanner" = ESET Online Scanner v3 "EsetOnlineScanner" = ESET Online Scanner "exPressit S.E. 2.2" = exPressit S.E. 
2.2 "F05A08BF-E600-4FBD-A53A-3D47296B1275" = Lexibox Deluxe from Compaq (remove only) "F19E8CDF-5EFD-45E0-9FAF-66CBAE84B1D9" = Slingo Deluxe from Compaq (remove only) "FA6A73EB-40AB-4B58-851D-3892B3C10EF6" = SCRABBLE from Compaq (remove only) "FileHippo.com" = FileHippo.com Update Checker "FLVPlayer" = FLV Player 1.3.3 "Forte Agent" = Forté Agent "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.95 "Free WMA MP3 Converter" = Free WMA MP3 Converter "Google Chrome" = Google Chrome "GSpot" = GSpot Codec Information Appliance "HaaliMkx" = Haali Media Splitter "HP Game Console" = HP Game Console and games "HP Imaging Device Functions" = HP Imaging Device Functions 6.0 "HP Photo & Imaging" = HP Photosmart Premier Software 6.0 "HP Rhapsody" = HP Rhapsody "HPOOVClient-5577497 Uninstaller" = Compaq Connections (remove only) "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InFlac" = InFlac 1.1.1 "InstallShield_{190BF7E6-59C5-45E2-B9CE-E8E7245A5B4D}" = TMPGEnc Plus 2.5 "InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement "InstallShield_{4545A088-CCEF-43C2-8840-B34B04594FA6}" = USB CDC Device Driver "InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up "IsoBuster_is1" = IsoBuster 2.8 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100 "Matroska Pack" = Matroska Pack "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Money2006b" = Microsoft Money 2006 "Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Netscape Browser" = Netscape Browser (remove only) 
"NetSight" = Nielsen "Nike+ Connect" = Nike+ Connect "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Open Video Joiner_is1" = Open Video Joiner version 3.1 "PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows "Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.9 "PG-1-278" = MultiLane version 1.0 "Photo Viewer_is1" = Photo Viewer 2.4 "Photo2DVD Studio_is1" = Photo2DVD Studio Build 4.8.0.1 "PS2" = PS2 "Python 2.2.3" = Python 2.2.3 "pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203) "RealPlayer 12.0" = RealPlayer "SaveVid Plug-in" = SaveVid Plug-in "SPSS for Windows 11.5" = SPSS 11.5 for Windows "Sqirlz Morph" = Sqirlz Morph "SubtitleCreator" = SubtitleCreator "SugarSync" = SugarSync Manager "TuneUpMedia" = TuneUp Companion 2.4.6.4 "TurboTax 2008" = TurboTax 2008 "TurboTax 2009" = TurboTax 2009 "TurboTax 2010" = TurboTax 2010 "TurboTax 2011" = TurboTax 2011 "TurboTax 2012" = TurboTax 2012 "TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006 "TurboTax Premier 2007" = TurboTax Premier 2007 "Tweak UI 2.10" = Tweak UI "Video Cleaner" = River Past Video Cleaner "VLC media player" = VLC media player 2.0.1 "VobSub" = VobSub v2.23 (Remove Only) "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "WIC" = Windows Imaging Component "Winamp" = Winamp "WinAVIVideoConverter_is1" = WinAVIVideoConverter "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinMorph_is1" = WinMorph™ 3.01 "WinRAR archiver" = WinRAR 4.11 (32-bit) "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only) "XviD_is1" = XviD 1.1 final uninstall "XviD4PSP5_is1" = XviD4PSP 5.10.271.0 
========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/24/2013 7:07:05 PM | Computer Name = HADDY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/03/24 16:07:05.752]: [00003808]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.172]

Error - 3/24/2013 7:08:14 PM | Computer Name = HADDY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/03/24 16:08:14.752]: [00003808]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.172]

Error - 3/31/2013 11:37:26 PM | Computer Name = HADDY | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2013/03/31 20:37:26.828]: [00002164]: ##### Fatal ERROR!! Create STI-device failed! #####

Error - 3/31/2013 11:37:26 PM | Computer Name = HADDY | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2013/03/31 20:37:26.828]: [00002164]: Initialize TwdsMain Class failed!

Error - 3/31/2013 11:38:12 PM | Computer Name = HADDY | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2013/03/31 20:38:12.000]: [00002164]: ##### Fatal ERROR!! Create STI-device failed! #####

Error - 3/31/2013 11:38:12 PM | Computer Name = HADDY | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2013/03/31 20:38:12.000]: [00002164]: Initialize TwdsMain Class failed!

Error - 3/31/2013 11:39:47 PM | Computer Name = HADDY | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2013/03/31 20:39:47.843]: [00002164]: ##### Fatal ERROR!! Create STI-device failed! #####

Error - 3/31/2013 11:39:47 PM | Computer Name = HADDY | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2013/03/31 20:39:47.843]: [00002164]: Initialize TwdsMain Class failed!

Error - 4/1/2013 11:27:17 AM | Computer Name = HADDY | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 19.0.2.4814, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/1/2013 11:27:50 AM | Computer Name = HADDY | Source = Application Hang | ID = 1002
Description = Hanging application Compaq Connections.exe, version 6.3.2.116, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 3/29/2013 6:46:53 AM | Computer Name = HADDY | Source = Workstation | ID = 5727
Description = Could not load RDR device driver.

Error - 3/29/2013 6:46:53 AM | Computer Name = HADDY | Source = Service Control Manager | ID = 7024
Description = The Workstation service terminated with service-specific error 2250 (0x8CA).

Error - 3/29/2013 6:46:53 AM | Computer Name = HADDY | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which failed to start because of the following error: %%1066

Error - 3/29/2013 6:46:53 AM | Computer Name = HADDY | Source = Service Control Manager | ID = 7024
Description = The Workstation service terminated with service-specific error 2250 (0x8CA).

Error - 3/29/2013 6:46:53 AM | Computer Name = HADDY | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which failed to start because of the following error: %%1066

Error - 3/29/2013 6:47:33 AM | Computer Name = HADDY | Source = Workstation | ID = 5727
Description = Could not load RDR device driver.

Error - 3/29/2013 6:47:33 AM | Computer Name = HADDY | Source = Service Control Manager | ID = 7024
Description = The Workstation service terminated with service-specific error 2250 (0x8CA).

Error - 3/29/2013 6:47:33 AM | Computer Name = HADDY | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which failed to start because of the following error: %%1066

Error - 3/30/2013 3:52:35 PM | Computer Name = HADDY | Source = Workstation | ID = 5727
Description = Could not load RDR device driver.

Error - 3/31/2013 4:01:17 AM | Computer Name = HADDY | Source = Workstation | ID = 5727
Description = Could not load RDR device driver.

< End of report >
  6. I ran unhide and the output said it found 455 files, but I'm still not seeing them on Windows Explorer? Here are all of the output files. First Unhide, then OTL, then Extras.

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 04/01/2013 08:34:23 AM
Windows Version: Windows XP

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 379046 files processed.
Processing the D:\ drive
Finished processing the D:\ drive. 16338 files processed.
Processing the G:\ drive
Finished processing the G:\ drive. 0 files processed.
Processing the H:\ drive
Finished processing the H:\ drive. 0 files processed.
Processing the I:\ drive
Finished processing the I:\ drive. 0 files processed.
Processing the J:\ drive
Finished processing the J:\ drive. 0 files processed.
Processing the N:\ drive
Finished processing the N:\ drive. 455 files processed.

The C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default Start Menu shortcuts:
http://www.bleepingcomputer.com/forums/topic405109.html

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.
Program finished at: 04/01/2013 08:49:41 AM
Execution time: 0 hours(s), 15 minute(s), and 18 seconds(s)

OTL logfile created on: 4/1/2013 8:52:41 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 74.49% Memory free
4.18 Gb Paging File | 3.04 Gb Available in Paging File | 72.75% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.37 Gb Total Space | 17.51 Gb Free Space | 9.81% Space Free | Partition Type: NTFS
Drive D: | 7.91 Gb Total Space | 0.56 Gb Free Space | 7.07% Space Free | Partition Type: FAT32
Drive F: | 69.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive N: | 29.87 Gb Total Space | 8.06 Gb Free Space | 26.98% Space Free | Partition Type: FAT32

Computer Name: HADDY | User Name: Compaq_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/29 23:10:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
PRC - [2013/01/24 01:06:40 | 011,184,480 | ---- | M] (SugarSync, Inc.)
-- C:\Program Files\SugarSync\SugarSyncManager.exe
PRC - [2012/10/29 10:41:28 | 002,833,448 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
PRC - [2012/09/28 20:45:33 | 004,780,928 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/09/07 20:25:37 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/09/06 21:11:30 | 001,327,104 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCcUxSys.exe
PRC - [2012/09/06 21:06:14 | 000,393,216 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCtrlCntr.exe
PRC - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/05/19 17:14:19 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2012/02/24 05:49:52 | 000,093,504 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
PRC - [2011/06/28 09:48:38 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/27 11:04:06 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/15 15:18:04 | 000,066,824 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
PRC - [2011/03/15 15:18:00 | 001,570,056 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
PRC - [2011/03/15 15:17:46 | 001,475,848 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
PRC - [2010/12/19 11:16:51 | 000,139,264 | ---- | M] (SOURCENEXT) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2010/11/03 03:26:02 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/10/01 08:26:58 | 000,299,008 | ---- | M] (Nike) -- C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
PRC - [2010/08/25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/08/09 05:47:54 | 000,248,832 | ---- | M] (FileHippo.com) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
PRC - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\nero\Update\NASvc.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/09 00:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\pptd40nt.exe
PRC - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/03/05 20:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/10/16 18:42:54 | 000,904,840 | ---- | M] (Acronis) -- C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
PRC - [2009/10/16 18:39:32 | 000,136,544 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2009/10/16 18:39:28 | 000,431,456 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
PRC - [2009/10/16 18:37:22 | 001,325,936 | ---- | M] (Seagate) -- C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
PRC - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/18 09:49:40 | 000,757,760 | ---- | M] (Giganews, Inc.) -- C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
PRC - [2005/11/11 14:11:12 | 000,237,568 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscGui.exe
PRC - [2005/11/11 14:11:04 | 001,064,960 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe
PRC - [2005/11/11 14:10:00 | 000,061,440 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdateMgr.exe
PRC - [2005/11/11 14:10:00 | 000,049,152 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe
PRC - [2005/11/01 03:01:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
PRC - [2005/08/02 17:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/02 17:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2003/05/15 01:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe

========== Modules (No Company Name) ==========

MOD - [2013/03/30 13:04:21 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2013/03/30 13:04:20 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2013/02/14 04:12:07 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\024c898ad1ccfde466d033c0a08d0564\Microsoft.VisualBasic.ni.dll
MOD - [2013/02/14 04:11:08 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll
MOD - [2013/02/14 04:10:53 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll
MOD - [2013/02/14 04:07:24 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll
MOD - [2013/02/14 04:04:05 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2013/02/14 04:04:04 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/02/14 04:04:02 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2013/02/14 04:04:00 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2013/02/14 04:04:00 | 000,630,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2013/02/14 04:03:59 | 003,194,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2013/02/14 04:03:45 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2013/02/14 04:03:42 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013/02/14 04:03:41 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2013/02/14 04:03:35 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2013/01/09 04:19:22 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 04:19:15 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll
MOD - [2013/01/09 04:16:52 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013/01/09 04:16:34 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013/01/09 04:15:12 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/01/09 04:15:04 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2013/01/09 04:05:00 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_1e116300\mscorlib.dll
MOD - [2013/01/09 04:04:57 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_6ea43965\system.drawing.dll
MOD - [2013/01/09 04:04:51 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_0203b7a4\system.xml.dll
MOD - [2013/01/09 04:04:47 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_f63600c2\system.windows.forms.dll
MOD - [2013/01/09 04:04:39 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_b7aa3e59\system.dll
MOD - [2013/01/09 04:04:30 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2013/01/09 04:04:29 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2013/01/09 04:04:28 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2013/01/09 04:04:26 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2013/01/01 23:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/10/29 10:39:36 | 000,502,784 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\nsmmc.dll
MOD - [2012/10/29 10:36:12 | 000,753,664 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\npfirefoxprocessor.dll
MOD - [2012/10/29 10:35:06 | 000,224,768 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\npwmi.dll
MOD - [2012/10/29 10:34:50 | 000,228,864 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\npsurvey.dll
MOD - [2012/10/29 10:34:42 | 000,150,528 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\npsp1.dll
MOD - [2012/10/29 10:34:32 | 000,503,808 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\communication.dll
MOD - [2012/02/21 04:58:45 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d7fbfc6836ce7e53486ddb79b598ca8d\System.ServiceProcess.ni.dll
MOD - [2012/02/21 04:48:18 | 000,762,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\01e360ed3a3cb2b0a3c47c7f3eb09e58\System.Runtime.Remoting.ni.dll
MOD - [2012/02/21 04:48:11 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\47a2b7b2fa872de3078d49d0a4c10cb2\System.EnterpriseServices.ni.dll
MOD - [2012/02/21 04:48:07 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\c3a03bb69e38f5ed9ebce72d48a722ef\System.Transactions.ni.dll
MOD - [2012/02/21 04:41:12 | 013,137,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f28df9c2988724883cf19532d7f9f151\System.Windows.Forms.ni.dll
MOD - [2012/02/21 04:40:32 | 001,652,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\2ff57b810eb920860469184dd683cb8a\System.Drawing.ni.dll
MOD - [2012/02/21 04:39:08 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\97586cdb698c29ba95fd83e44a0c0ca6\System.Data.ni.dll
MOD - [2012/02/21 04:38:49 | 000,729,088 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\09ee8d91e80e00991226aec062aa1e92\System.Security.ni.dll
MOD - [2012/02/21 04:38:19 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll
MOD - [2012/02/21 04:38:10 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll
MOD - [2012/02/21 04:37:58 | 007,054,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll
MOD - [2012/02/21 04:37:45 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll
MOD - [2012/02/21 04:37:34 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
MOD - [2012/02/17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/12/17 08:48:18 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/12/17 08:48:18 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2011/01/20 21:53:20 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/01/20 21:53:20 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/01/20 21:53:18 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/01/20 21:53:18 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/01/20 21:53:18 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/01/20 21:53:18 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/01/20 21:53:18 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2011/01/20 21:53:17 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/01/20 21:53:17 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/01/20 21:53:17 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/01/20 21:53:17 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2010/06/13 12:01:28 | 000,410,432 | ---- | M] () -- C:\Program Files\Perfect Uninstaller\Contextmenu.dll
MOD - [2010/01/28 13:57:58 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010/01/27 22:16:47 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/01/27 22:16:47 | 000,403,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2010/01/27 22:16:46 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2010/01/27 22:16:45 | 000,046,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2010/01/27 22:16:44 | 000,419,616 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2010/01/27 22:16:44 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2010/01/27 22:16:43 | 000,270,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2010/01/27 22:16:42 | 000,121,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2010/01/27 22:16:42 | 000,120,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2010/01/27 22:16:42 | 000,070,432 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2009/10/16 17:59:30 | 001,328,480 | ---- | M] () -- C:\Program Files\Seagate\DiscWizard\fox.dll
MOD - [2009/03/07 11:36:53 | 000,047,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2009/03/07 11:36:53 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2009/03/07 11:36:52 | 000,402,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2009/03/07 11:36:52 | 000,130,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2009/03/07 11:36:52 | 000,120,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2009/03/07 11:36:52 | 000,072,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2009/02/28 11:30:08 | 001,058,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2009/02/28 11:30:07 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2009/02/28 11:30:05 | 000,238,368 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2009/02/28 11:20:54 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
MOD - [2009/02/28 11:20:53 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2009/02/28 11:20:50 | 000,458,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll
MOD - [2009/02/28 11:20:50 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll
MOD - [2009/02/28 11:20:50 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll
MOD - [2009/02/28 11:20:49 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 17:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/03/09 19:50:36 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2006/03/09 19:50:34 | 000,299,008 | ---- | M] () -- c:\windows\assembly\gac\microsoft.visualbasic\7.0.5000.0__b03f5f7f11d50a3a\microsoft.visualbasic.dll
MOD - [2006/03/09 19:50:33 | 000,573,440 | ---- | M] () -- c:\windows\assembly\gac\system.web.services\1.0.5000.0__b03f5f7f11d50a3a\system.web.services.dll

========== Services (SafeList) ==========

SRV - [2013/03/12 13:33:14 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/07 20:29:07 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/29 10:41:28 | 002,833,448 | ---- | M] (The Nielsen Company) [Auto | Running] -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe -- (NielsenUpdate)
SRV - [2012/09/07 20:25:37 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/06/05 15:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2011/06/28 09:48:38 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 11:04:06 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/15 15:18:00 | 001,570,056 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV - [2011/03/15 15:17:46 | 001,475,848 | ---- | M] (Raxco Software, Inc.) [On_Demand | Running] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
SRV - [2010/12/19 11:16:51 | 000,139,264 | ---- | M] (SOURCENEXT) [Auto | Running] -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/07/05 10:05:17 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2009/10/16 18:39:28 | 000,431,456 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005/08/02 17:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2003/10/13 16:24:14 | 000,061,440 | ---- | M] (Adobe Sytems) [On_Demand | Stopped] -- C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe -- (AdobeVersionCue)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\nielprt.sys -- (nielprt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nielgfx.sys -- (NielGfx)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\AVGIDSShim.Sys -- (AVGIDSShim)
DRV - [2012/10/01 21:00:24 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2012/10/01 21:00:24 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2012/10/01 21:00:20 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2012/10/01 21:00:15 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2012/03/20 17:23:38 | 000,010,368 | ---- | M] (The Nielsen Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\km_filter.sys -- (km_filter)
DRV - [2012/03/20 17:23:26 | 000,015,360 | ---- | M] (The Nielsen Company) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\nnrnstdi.sys -- (nnrnstdi)
DRV - [2011/10/08 20:25:40 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/10/08 20:25:40 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/06/28 09:48:40 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/28 09:48:40 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/12/19 11:16:52 | 000,038,944 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2010/09/07 03:37:14 | 000,104,024 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2010/08/27 20:27:21 | 000,135,184 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2010/07/05 07:42:24 | 000,008,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\VCdRom.sys -- (vcdrom)
DRV - [2010/04/01 11:40:36 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/11/03 03:06:12 | 000,071,424 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2009/11/03 03:06:12 | 000,011,520 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/11/06 14:22:00 | 000,036,224 | ---- | M] (ArcSoft Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ArcCD.sys -- (ArcCD)
DRV - [2007/09/17 19:28:58 | 000,010,240 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\softctrl.sys -- (softctrl)
DRV - [2007/05/03 14:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/04/25 09:55:02 | 000,134,912 | ---- | M] (ArcSoft Inc.) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\ArcUdfs.sys -- (ArcUdfs)
DRV - [2007/04/24 12:33:50 | 000,007,680 | ---- | M] (ArcSoft Inc.) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\ArcRec.sys -- (ArcRec)
DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/11/02 16:47:26 | 000,010,368 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2005/10/20 09:01:56 | 001,095,009 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/09/30 04:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/08/29 08:11:00 | 003,644,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2005/08/13 14:35:00 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/09 06:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/03 07:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/04/14 11:08:00 | 000,044,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/04/14 11:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2004/04/14 11:08:00 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2004/04/14 11:08:00 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2003/11/11 09:34:00 | 000,022,891 | ---- | M] (Matsushita Electric Industorial Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\meistb.sys -- (MEITUNER)
DRV - [2003/11/11 09:33:54 | 000,013,195 | ---- | M] (Matsushita Electric Industorial Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\meistrm.sys -- (MEISTRM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = BC 2F B8 14 0E 65 E6 4E A2 19 D1 9D 0C 50 61 2F [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://espn.go.com/"
FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0034-ABCDEFFEDCBA%7D:6.0.34
FF - prefs.js..extensions.enabledAddons: crossriderapp4493%40crossrider.com:0.91.83
FF - prefs.js..extensions.enabledAddons: netsight%40nielsen.com:2.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_34: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@nielsen/FirefoxTracker: C:\Program Files\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\npfirefoxtracker.dll (Nielsen)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\netsight@nielsen.com: C:\Program Files\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\netsight@nielsen.xpi [2013/03/31 09:15:12 | 000,008,039 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/07 20:29:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/07 20:28:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}: C:\WINDOWS\system32\5005 [2010/09/24 06:29:39 | 000,000,000 | ---D | M]

[2011/12/19 17:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions
[2013/03/30 12:55:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions
[2010/12/10 17:59:27 | 000,000,000 | ---D
| M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013/01/31 20:50:58 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2009/10/29 20:40:36 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2013/03/13 06:29:18 | 000,000,000 | ---D | M] ("Coupon Companion") -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\crossriderapp4493@crossrider.com [2009/08/28 06:31:03 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\moveplayer@movenetworks.com [2013/03/13 06:29:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\crossriderapp4493@crossrider.com\chrome\content\extensionCode [2013/02/14 18:30:58 | 000,817,280 | ---- | M] () (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011/12/19 17:52:21 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\searchplugins\SearchResults.xml [2013/03/25 16:24:37 | 000,002,112 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\searchplugins\wot-safe-search.xml [2013/03/07 20:28:39 | 000,000,000 | ---D | M] (No 
name found) -- C:\Program Files\Mozilla Firefox\extensions [2013/03/07 20:28:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2012/08/16 06:39:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2013/03/31 09:15:12 | 000,008,039 | ---- | M] () (No name found) -- C:\PROGRAM FILES\NETRATINGSNETSIGHT\NETSIGHT\METER2\FIREFOXADDONS\NETSIGHT@NIELSEN.XPI [2013/03/07 20:29:08 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010/12/09 03:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012/08/30 22:18:35 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/12/19 17:52:21 | 000,002,497 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml [2013/02/27 00:09:40 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll 
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: getPlusPlus for Adobe 16248 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program 
Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java Platform SE 6 U34 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll CHR - plugin: Nielsen FirefoxTracker Plug-in (Enabled) = C:\Program Files\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\npfirefoxtracker.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll CHR - plugin: Java Deployment Toolkit 6.0.340.4 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Google Docs = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Nielsen = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jgceplfonlgodadnpognljgdjlcnpjnh\1.7.3_0\ CHR - Extension: FVD Video Downloader = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.0.1_0\ CHR - Extension: Coupon Companion = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm\1.21.47_0\crossrider CHR - Extension: Coupon Companion = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm\1.21.47_0\ CHR - Extension: Gmail = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013/03/28 14:44:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.) 
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.) O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [brStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation) O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DISCUpdateMgr.exe (Digital Interactive Systems Corporation, Inc.) O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate) O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions) O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [indexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) 
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company) O4 - HKLM..\Run: [Nike+ Connect] C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike) O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKLM..\Run: [seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com) O4 - HKCU..\Run: [iSUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) O4 - HKCU..\Run: [sugarSync] C:\Program Files\SugarSync\SugarSyncManager.exe (SugarSync, Inc.) O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) 
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2011/12/15 07:58:35 | 000,000,000 | ---D | M] O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe (Hewlett-Packard) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Giganews Accelerator.lnk = C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe (Giganews, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files\Nuance\PDF Viewer 
Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) O8 - Extra context menu item: Save video on Savevid.com - C:\Program Files\Savevid\redirect.htm () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} http://zone.msn.com/bingame/pacz/default/pandaonline.cab (Reg Error: Key error.) O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} http://sympatico.zone.msn.com/bingame/rock/default/popcaploader1.cab (Reg Error: Key error.) 
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab (Windows Live Safety Center Base Module) O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/bingame/chnz/default/mjolauncher.cab (MJLauncherCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab (ZoneAxRcMgr Class) O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab (ZoneIntro Class) O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://zone.msn.com/bingame/gold/UnSkin/gf.cab (TikGames Online Control) O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab (SCEWebLauncherCtl Object) O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} 
http://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.87.cab (CPlayFirstDinerDashControl Object) O16 - DPF: vzTCPConfig http://my.verizon.com/micro/speedoptimizer/hsi/vzTCPConfig.CAB (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 4.2.2.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68ABC49C-2AAA-455E-B332-0CE29F0E8C0C}: DhcpNameServer = 192.168.1.1 4.2.2.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\internet\eudora\EuShlExt.dll (Qualcomm Inc.) 
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/08/30 14:02:02 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O32 - AutoRun File - [2009/12/31 17:00:24 | 000,000,085 | R--- | M] () - F:\Autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (pdboot.exe) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013/03/31 21:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2013/03/30 13:11:05 | 001,363,016 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Compaq_Administrator\Desktop\mbar.exe [2013/03/30 13:11:05 | 000,748,616 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Compaq_Administrator\Desktop\fixdamage.exe [2013/03/30 12:55:04 | 000,000,000 | ---D | C] -- C:\_OTL [2013/03/29 23:10:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe [2013/03/28 15:48:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\ControlCenter4 [2013/03/28 15:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Brother [2013/03/28 15:38:22 | 000,000,000 | ---D | C] -- C:\Brother [2013/03/28 15:38:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ControlCenter4 [2013/03/28 15:38:17 | 000,000,000 | ---D | C] -- C:\Program Files\Browny02 [2013/03/28 15:38:05 | 000,000,000 | ---D | C] -- C:\Program 
Files\ControlCenter4 [2013/03/28 15:37:57 | 000,225,280 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrfxD05c.dll [2013/03/28 15:36:39 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2L.dll [2013/03/28 15:36:38 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2.dll [2013/03/28 15:36:38 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2S.dll [2013/03/28 15:36:38 | 000,000,000 | ---D | C] -- C:\Program Files\Brother [2013/03/28 15:13:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013/03/28 14:13:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2013/03/28 14:13:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2013/03/28 14:13:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2013/03/28 14:13:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2013/03/28 14:13:02 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/03/28 14:10:12 | 005,044,813 | R--- | C] (Swearware) -- C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe [2013/03/27 11:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight [2013/03/22 13:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth [2013/03/21 21:46:45 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys [2013/03/21 21:46:43 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys [2013/03/07 21:09:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes [2013/03/07 21:08:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013/03/07 20:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2010/10/24 08:52:28 | 000,047,360 | ---- | C] (VSO Software) -- 
C:\Documents and Settings\Compaq_Administrator\Application Data\pcouffin.sys ========== Files - Modified Within 30 Days ========== [2013/04/01 08:51:02 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_Compaq_Administrator.job [2013/04/01 08:33:40 | 000,398,752 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Compaq_Administrator\Desktop\unhide.exe [2013/04/01 08:32:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013/03/31 14:52:04 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_Compaq_Administrator.job [2013/03/30 13:12:20 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT [2013/03/30 13:01:36 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_Compaq_Administrator.job [2013/03/30 13:01:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/03/30 13:01:11 | 3152,596,992 | -HS- | M] () -- C:\hiberfil.sys [2013/03/29 23:10:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe [2013/03/28 16:15:21 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2013/03/28 16:15:20 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/03/28 15:48:02 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/03/28 15:39:38 | 000,001,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Brother Creative Center.lnk [2013/03/28 15:39:18 | 000,000,249 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini [2013/03/28 15:39:18 | 000,000,065 | ---- | M] () -- C:\WINDOWS\brpcfx.ini [2013/03/28 15:38:22 | 000,000,086 | ---- | M] () -- C:\WINDOWS\Brfaxrx.ini [2013/03/28 14:44:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013/03/28 14:10:23 | 005,044,813 | R--- | M] (Swearware) -- C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe 
  7. Part 5 - the last piece of the system log. Wow that is a long file...
  8. Part 4 - another piece of the system log...
1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\BitTorrent\Corrections.torrent" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\BitTorrent\the white tiger.txt.torrent" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\calibre\conversion\comic_input.py" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\calibre\conversion\page_setup.py" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\MAGIX\PhotoStory_on_CD_DVD_10_Deluxe_DLV\crm.dat" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\MAGIX\PhotoStory_on_CD_DVD_10_Deluxe_DLV\Fotos_dlx.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\MAGIX\PhotoStory_on_CD_DVD_10_Deluxe_DLV\Fotos_dlx.log" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Media Player\001002A2.wpl" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Office\Excel12.pip" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Office\Imagin10.pip" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Office\MSO1024.acl" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Office\Scanni10.pip" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Move 
Networks\MNStatsID.txt" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\MoveFab\init0.movefab" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\TuneUpMedia\prefs.js" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Real\RealMediaSDK\c0a80100.txt" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\vlc\ml.xspf" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\W Photo Studio Viewer\asset.yos" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\W Photo Studio Viewer\assets.yos" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\W Photo Studio Viewer\FolderList.yos" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\W Photo Studio Viewer\thumbnailSel.db" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\W Photo Studio Viewer\ViewSel.db" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Winamp\auth.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Winamp\gen_jumpex.m3u8" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Winamp\Winamp.m3u" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Winamp\winamp.m3u8" is compressed (flags = 1) Read File: File "c:\Documents and 
Settings\Compaq_Administrator\Application Data\Winamp\Plugins\gen_mud.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\FreeAudioPack\EasyCutter.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\FreeAudioPack\FreeConverter.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\funkitron\Boggle Supreme\Boggle.cfg" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1\Local Store\DesktopCitizen.xml" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\registry.dat" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\profiles.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Default User\Application Data\Microsoft\Protect\CREDHIST" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Protect\CREDHIST" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\Symantec\PendingAlertsQueue.log" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Administrator\Desktop\protection-log-2010-09-25.txt" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\My Documents\Downloads\031612 vs 
belmont.pxy" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\My Documents\Downloads\032812 vs bernstein.pxy" is compressed (flags = 1) Read File: File "c:\Program Files\Outlook Express\msoe.txt" is compressed (flags = 1) Read File: File "c:\Program Files\Windows Media Player\npdrmv2.zip" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\$ncsp$.inf" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\24wwxsp1.txt" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\AK083E209605E394C.lie" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\cmos.ram" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\desktop.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\dsound.vxd" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\login.cmd" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\l_except.nls" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\MsiExec.exe.log" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\pcl.sep" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\perfci.h" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\perffilt.h" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\perfwci.h" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\pscript.sep" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\spupdwxp.log" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\temp_0000_80678.aok" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\thxcfg.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\veolx32n.dll" is compressed (flags = 1) Read File: File 
"c:\WINDOWS\system32\prodspec.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\View Channels.scf" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\650807529" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\drivers\etc\hosts.20080821-215650.backup" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\drivers\etc\hosts.20090216-183112.backup" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\drivers\etc\networks" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\oobe\migip.dun" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\oobe\migrate.isp" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\oobe\msobe.isp" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\oobe\obeip.dun" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\oobe\oobeinfo.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\oobe\reg.isp" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\wbem\wmiclivalueformat.xsl" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Administrator\ntuser.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\default.pls" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Default User\ntuser.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\LocalService\ntuser.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\NetworkService\ntuser.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Administrator\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Default User\Local Settings\desktop.ini" is 
compressed (flags = 1) Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Default User\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1) Read File: File "c:\WINDOWS\brpcfx.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\Brpfx04a.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\BRPP2KA.INI" is compressed (flags = 1) Read File: File "c:\WINDOWS\BRWMARK.INI" is compressed (flags = 1) Read File: File "c:\WINDOWS\desktop.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\explorer.scf" is compressed (flags = 1) Read File: File "c:\WINDOWS\iexplore.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\Nxiwuzuwoc.dat" is compressed (flags = 1) Read File: File "c:\WINDOWS\ODBC.INI" is compressed (flags = 1) Read File: File "c:\WINDOWS\smscfg.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\srun.log" is compressed (flags = 1) Read File: File "c:\WINDOWS\AviSplitter.INI" is compressed (flags = 1) Read File: File "c:\WINDOWS\UPGRADE.TXT" is compressed (flags = 1) Read File: File "c:\WINDOWS\vb.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\vbaddin.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\WININIT.INI" is compressed (flags = 1) Read File: File "c:\WINDOWS\wmsetup10.log" is compressed (flags = 1) Read File: File "c:\WINDOWS\UNNeroBackItUp.cfg" is compressed (flags = 1) Read File: File "c:\WINDOWS\UNNeroMediaHome.cfg" is compressed (flags = 1) Read File: File 
"c:\WINDOWS\UNNeroShowTime.cfg" is compressed (flags = 1) Read File: File "c:\WINDOWS\UNNeroVision.cfg" is compressed (flags = 1) Read File: File "c:\WINDOWS\UNRecode.cfg" is compressed (flags = 1) Read File: File "c:\WINDOWS\popcinfo.dat" is compressed (flags = 1) Read File: File "c:\WINDOWS\Quicken.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Accessibility\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\AxInterop.SHDocVw\1.1.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\AxInterop.WT3DLib\1.0.0.0__1bf1415c4c44d353\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Common.Logging\1.2.0.0__af08829b84f0328e\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\cscompmgd\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\DiscWriter\2.3.1.0__477a69ee60b50063\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\ehiExtCOM\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini" is 
compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\ehiExtens\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\SonicMCEBurnEngine\0.9.0.0__17c52700e9a64fd0\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\SymAddIn\15.0.0.1__ea8ad8cd626b3bac\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File 
"c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Data\1.0.3300.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_de_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_es_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_fr_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_it_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_ja_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File 
"c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_ko_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_zh-CHS_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_zh-CHT_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Design\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: 
File "c:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File 
"c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Management\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File 
"c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File 
"c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.resources\1.0.3300.0_de_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.resources\1.0.3300.0_es_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.resources\1.0.3300.0_fr_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.resources\1.0.3300.0_it_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.resources\1.0.3300.0_ja_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.resources\1.0.3300.0_ko_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.resources\1.0.3300.0_zh-CHS_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.resources\1.0.3300.0_zh-CHT_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.3300.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting.resources\1.0.3300.0_de_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting.resources\1.0.3300.0_es_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File 
"c:\WINDOWS\assembly\GAC\System.Runtime.Remoting.resources\1.0.3300.0_fr_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting.resources\1.0.3300.0_it_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting.resources\1.0.3300.0_ja_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting.resources\1.0.3300.0_ko_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting.resources\1.0.3300.0_zh-CHS_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting.resources\1.0.3300.0_zh-CHT_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File 
"c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Security\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Security.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Security.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Security.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Security.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Security.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Security.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Security.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Security.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File 
"c:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File 
"c:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Xml\1.0.3300.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.XML.resources\1.0.3300.0_de_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.XML.resources\1.0.3300.0_es_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.XML.resources\1.0.3300.0_fr_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.XML.resources\1.0.3300.0_it_b77a5c561934e089\__AssemblyInfo__.ini" is 
compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.XML.resources\1.0.3300.0_ja_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.XML.resources\1.0.3300.0_ko_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.XML.resources\1.0.3300.0_zh-CHS_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.XML.resources\1.0.3300.0_zh-CHT_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\GemMaster3\3.0.0.0__1bf1415c4c44d353\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqcddvd\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqglutl\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqpel10\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodai\2.0.588.1728__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Interop.MsHtmHst\0.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\LEAD.Drawing.Imaging.Codecs\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File 
"c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\policy.13.0.LEAD\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File 
"c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Web.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Web.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Web.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Web.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Web.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Web.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Web.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Web.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hplMosaicNet\1.4.1.0__0d5444959b41355f\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\HPODMmcLib\1.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqactiv\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File 
"c:\WINDOWS\assembly\GAC\hpqactiv.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqalb\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqasmgt\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqasset\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqbakup\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqbakup.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqbkloc\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqbutil\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqcalp\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqcalp.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqcc2\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqcc2.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqcdcpy\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqcdcpy.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Interop.NeroBurnAdvrCntrl2Lib\1.0.0.0__477a69ee60b50063\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File 
"c:\WINDOWS\assembly\GAC\Interop.NEROLib\1.4.0.0__477a69ee60b50063\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Interop.NeroMCEWrapper\1.0.0.0__477a69ee60b50063\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Interop.NeroVisionAPI\1.3.0.0__477a69ee60b50063\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Interop.SHDocVw\1.1.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Interop.WT3DLib\1.0.0.0__1bf1415c4c44d353\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\ISymWrapper\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\LEAD\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\LEAD.Drawing\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqglutl.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqgtpin\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqgtpin.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqiface\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqimgrc\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqimgrc.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File 
"c:\WINDOWS\assembly\GAC\hpqimlib\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqimvlt\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqimvlt.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqisdsp\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqislib\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqisrtb\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqistab\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqlsprj\1.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqlsprj.resources\1.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqlsutl\1.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqltutl\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqmdmr\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqmdmr.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqmpvad\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqmyint\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqntrop\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 
1) Read File: File "c:\WINDOWS\assembly\GAC\hpqovskn\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqpanop\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqpanop.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqpbgen\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqpdmdl\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqunkwd\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqunkwd.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqutils\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqvideo\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqxpbrn\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\IEExecRemote\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\IEHost\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\IIEHost\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File 
"c:\WINDOWS\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Interop.HPDarc\1.0.0.0__19565c63d39c2842\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpocxi08\1.0.0.0__3b766a3b3d2dc385\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodae\2.0.588.1728__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodaud\2.0.588.1728__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpodeb08\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpodev08\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpodio08\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodmmc\1.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodmp\2.0.588.1728__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodmpv\2.0.588.1728__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodmpv_md\2.0.588.1728__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodprint2\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodtrk\2.0.588.1728__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodvid\2.0.588.1728__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: 
File "c:\WINDOWS\assembly\GAC\interop.hpodxmlutil\2.0.588.1728__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpqaiois\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Interop.HpqCamUn\1.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\interop.hpqcbcnv\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\interop.hpqcldat\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpqcrmcm\60.0.86.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpqdstcp\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\interop.hpqimgr\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpqusg\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpqvideo\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Interop.hprblog\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Interop.LITTManagerLib\1.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\LEAD.Drawing.Imaging.ImageProcessing\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\LEAD.Drawing.Imaging.Twain\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is 
compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\LEAD.Windows.Forms\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\LEAD.Windows.Forms.CommonDialogs\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\LEAD.Windows.Forms.DrawingContainer\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\LEAD.Wrapper\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File 
"c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Drawing\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Drawing.Imaging.Codecs\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File 
"c:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Drawing.Imaging.ImageProcessing\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Drawing.Imaging.Twain\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Windows.Forms\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Windows.Forms.CommonDialogs\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Windows.Forms.DrawingContainer\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Wrapper\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Regcode\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed 
(flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqpel10.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqprif\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqprjcm\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqprjfx\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqprjfx.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqprrsc\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqprrsc.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqprutl\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqprutl.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqptfx\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqptfx.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqptint\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqptint.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File 
"c:\WINDOWS\assembly\GAC\hpqqca\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqszip\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqthumb\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqtray\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqtray.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqcpint\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqcpolp\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqcpolp.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqcprsc\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqcprsc.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqdocpt\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqdocpt.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqeal\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqedit\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqedit.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqedppi\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is 
  9. Part 3 - Continuation of the system log...
"c:\WINDOWS\assembly\GAC\hpqimvlt.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqisdsp\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqislib\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqisrtb\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqistab\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqlsprj\1.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqlsprj.resources\1.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqlsutl\1.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqltutl\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqmdmr\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqmdmr.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqmpvad\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqmyint\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqntrop\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqovskn\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\hpqpanop\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 
Infected: c:\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ --> [backdoor.0Access]
Settings\Compaq_Administrator\Local Settings\Application Data\SubtitleCreator\MRU.txt" is compressed (flags = 1)
Infected: c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ --> [backdoor.0Access]
Infected: c:\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L --> [backdoor.0Access]
Infected: c:\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U --> [backdoor.0Access]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal successful. No system shutdown is required.
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
© Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_34
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.188000 GHz
Memory total: 3152519168, free: 2303700992
------------ Kernel report ------------
03/30/2013 13:34:25
------------ Loaded modules -----------
----------- End -----------
  10. Part 2 - Here is the system log. It was too long to post, so I'm splitting into multiple posts (although it kinda looks like it ran twice)...

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
© Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_34
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.188000 GHz
Memory total: 3152519168, free: 1747968000
------------ Kernel report ------------
03/30/2013 13:10:05
------------ Loaded modules -----------
----------- End -----------
Downloaded database version: v2013.03.30.06
Downloaded database version: v2013.03.25.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: CAB10BEE

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 374073462
Partition file system is NTFS
Partition is bootable

Partition 1 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 374089590 Numsec = 16627275

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 200049647616 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-390701968-390721968)...
Done!
Performing system, memory and registry scan...
Read File: File "c:\Documents and Settings\All
Users\Application Data\SBSI\ORUN\Settings.dbf" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\SBSI\ORUN\Syllabus.dbf" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\MetaStreamID.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\{ACFC9F59-F1AE-43D2-8CFE-E2F1E0F82ABA}\instance.dat" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\{ACFC9F59-F1AE-43D2-8CFE-E2F1E0F82ABA}\SavevidSetupV2.dat" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\{ACFC9F59-F1AE-43D2-8CFE-E2F1E0F82ABA}\SavevidSetupV2.par" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Common Files\D562D8C0-5259-3FE8-63D0-D18B37D0AEE3.dat" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation\Data.DCD" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation\DiscInstalledMC.txt" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\DVD Shrink\Analysis Results.5c060651" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\DVD Shrink\Analysis Results.e9ab0d36" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\pcouffin.log" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Adobe\Adobe Encore DVD 2.0\ProjectPrefs.xml" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Adobe\Adobe Encore DVD 2.0\WSMgrCfg.xml" is compressed (flags = 1) Read File: File "c:\Documents and 
Settings\Compaq_Administrator\Application Data\Adobe\Adobe Illustrator CS Settings\AI Color Settings" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Adobe\AIR\eulaAccepted" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Adobe\Updater\AUTrans.xml" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Ahead\NeroVision\GCHWCfg.bak" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Ahead\NeroVision\GCHWCfg.xml" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Ahead\NeroVision\NeroVisionLog.txt" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Ahead\NeroVision\nve-am.bin" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Ahead\NeroVision\nve-mtmpl.bin" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Ahead\NeroVision\nve-vobmap.bin" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Apple Computer\Preferences\iTunes.exe.plist" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\BitTorrent\IORRT 3.5.cmd.1.torrent" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\BitTorrent\IORRT 3.5.cmd.torrent" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\BitTorrent\Long Walk to Freedom Nelson Mandela (epub)[rogercc][h33t].epub.torrent" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\BitTorrent\A Raisin In The Sun.rtf.torrent" is compressed (flags = 
1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\BitTorrent\Corrections.torrent" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\BitTorrent\the white tiger.txt.torrent" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\calibre\conversion\comic_input.py" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\calibre\conversion\page_setup.py" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\MAGIX\PhotoStory_on_CD_DVD_10_Deluxe_DLV\crm.dat" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\MAGIX\PhotoStory_on_CD_DVD_10_Deluxe_DLV\Fotos_dlx.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\MAGIX\PhotoStory_on_CD_DVD_10_Deluxe_DLV\Fotos_dlx.log" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Media Player\001002A2.wpl" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Office\Excel12.pip" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Office\Imagin10.pip" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Office\MSO1024.acl" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Office\Scanni10.pip" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Move 
Networks\MNStatsID.txt" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\MoveFab\init0.movefab" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\TuneUpMedia\prefs.js" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Real\RealMediaSDK\c0a80100.txt" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\vlc\ml.xspf" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\W Photo Studio Viewer\asset.yos" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\W Photo Studio Viewer\assets.yos" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\W Photo Studio Viewer\FolderList.yos" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\W Photo Studio Viewer\thumbnailSel.db" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\W Photo Studio Viewer\ViewSel.db" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Winamp\auth.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Winamp\gen_jumpex.m3u8" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Winamp\Winamp.m3u" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Winamp\winamp.m3u8" is compressed (flags = 1) Read File: File "c:\Documents and 
Settings\Compaq_Administrator\Application Data\Winamp\Plugins\gen_mud.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\FreeAudioPack\EasyCutter.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\FreeAudioPack\FreeConverter.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\funkitron\Boggle Supreme\Boggle.cfg" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1\Local Store\DesktopCitizen.xml" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\registry.dat" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\profiles.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Default User\Application Data\Microsoft\Protect\CREDHIST" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Protect\CREDHIST" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\Symantec\PendingAlertsQueue.log" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Administrator\Desktop\protection-log-2010-09-25.txt" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\My Documents\Downloads\031612 vs 
belmont.pxy" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\My Documents\Downloads\032812 vs bernstein.pxy" is compressed (flags = 1) Read File: File "c:\Program Files\Outlook Express\msoe.txt" is compressed (flags = 1) Read File: File "c:\Program Files\Windows Media Player\npdrmv2.zip" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\$ncsp$.inf" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\24wwxsp1.txt" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\AK083E209605E394C.lie" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\cmos.ram" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\desktop.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\dsound.vxd" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\login.cmd" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\l_except.nls" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\MsiExec.exe.log" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\pcl.sep" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\perfci.h" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\perffilt.h" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\perfwci.h" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\pscript.sep" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\spupdwxp.log" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\temp_0000_80678.aok" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\thxcfg.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\veolx32n.dll" is compressed (flags = 1) Read File: File 
"c:\WINDOWS\system32\prodspec.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\View Channels.scf" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\650807529" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\drivers\etc\hosts.20080821-215650.backup" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\drivers\etc\hosts.20090216-183112.backup" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\drivers\etc\networks" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\oobe\migip.dun" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\oobe\migrate.isp" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\oobe\msobe.isp" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\oobe\obeip.dun" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\oobe\oobeinfo.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\oobe\reg.isp" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\wbem\wmiclivalueformat.xsl" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Administrator\ntuser.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\default.pls" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Default User\ntuser.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\LocalService\ntuser.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\NetworkService\ntuser.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Administrator\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Default User\Local Settings\desktop.ini" is 
compressed (flags = 1) Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Default User\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1) Read File: File "c:\WINDOWS\brpcfx.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\Brpfx04a.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\BRPP2KA.INI" is compressed (flags = 1) Read File: File "c:\WINDOWS\BRWMARK.INI" is compressed (flags = 1) Read File: File "c:\WINDOWS\desktop.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\explorer.scf" is compressed (flags = 1) Read File: File "c:\WINDOWS\iexplore.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\Nxiwuzuwoc.dat" is compressed (flags = 1) Read File: File "c:\WINDOWS\ODBC.INI" is compressed (flags = 1) Read File: File "c:\WINDOWS\smscfg.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\srun.log" is compressed (flags = 1) Read File: File "c:\WINDOWS\AviSplitter.INI" is compressed (flags = 1) Read File: File "c:\WINDOWS\UPGRADE.TXT" is compressed (flags = 1) Read File: File "c:\WINDOWS\vb.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\vbaddin.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\WININIT.INI" is compressed (flags = 1) Read File: File "c:\WINDOWS\wmsetup10.log" is compressed (flags = 1) Read File: File "c:\WINDOWS\UNNeroBackItUp.cfg" is compressed (flags = 1) Read File: File "c:\WINDOWS\UNNeroMediaHome.cfg" is compressed (flags = 1) Read File: File 
"c:\WINDOWS\UNNeroShowTime.cfg" is compressed (flags = 1) Read File: File "c:\WINDOWS\UNNeroVision.cfg" is compressed (flags = 1) Read File: File "c:\WINDOWS\UNRecode.cfg" is compressed (flags = 1) Read File: File "c:\WINDOWS\popcinfo.dat" is compressed (flags = 1) Read File: File "c:\WINDOWS\Quicken.ini" is compressed (flags = 1)
  11. OK, I removed BitTorrent. I just used the Add and Remove Programs control panel to remove it - I hope that deletes it completely. Below are the 3 logs that you asked for. 1st is the OTL log. The second is the mbar log. (The first time it came up with 4 issues that it cleaned. I ran it again like the instructions said and it came up clean. I'll post both of them since I'm not sure which one you want/need.) And lastly is the system log. Considering the last post had to be broken up into multiple posts, I'll probably have to do the same here. Thanks, JF
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options folder moved successfully. C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully. C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels folder moved successfully. C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons folder moved successfully. C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton folder moved successfully. C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa folder moved successfully. C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images folder moved successfully. C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\css folder moved successfully. C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio folder moved successfully. 
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images folder moved successfully. C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels folder moved successfully. C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib folder moved successfully. C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin folder moved successfully. C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome folder moved successfully. C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} folder moved successfully. C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\tab@search.com\chrome folder moved successfully. C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\tab@search.com folder moved successfully. C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\toolbar@ask.com\searchplugins folder moved successfully. C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully. 
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\toolbar@ask.com\defaults folder moved successfully. C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully. C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully. C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\toolbar@ask.com\chrome\content folder moved successfully. C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\toolbar@ask.com\chrome folder moved successfully. C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\toolbar@ask.com folder moved successfully. C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\plugin@yontoo.com.xpi moved successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\AntiVirusDisableNotify deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\UpdatesDisableNotify deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\FirewallDisableNotify deleted successfully. C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\uyy2qb2nixeuy64x76lad14 moved successfully. C:\Documents and Settings\All Users\Application Data\uyy2qb2nixeuy64x76lad14 moved successfully. C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\036c1j4g1820 moved successfully. 
C:\Documents and Settings\All Users\Application Data\036c1j4g1820 moved successfully. C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\4727uy07g8m3s12g7my1iy4678gag730 moved successfully. C:\Documents and Settings\All Users\Application Data\4727uy07g8m3s12g7my1iy4678gag730 moved successfully. C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\6lr8qybjn13oh6xyp8ivrd2x86m5wp moved successfully. C:\Documents and Settings\All Users\Application Data\6lr8qybjn13oh6xyp8ivrd2x86m5wp moved successfully. C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\40l3j85ka67376pv1f77tn526lmm2dsbdnf12x4o moved successfully. C:\Documents and Settings\All Users\Application Data\40l3j85ka67376pv1f77tn526lmm2dsbdnf12x4o moved successfully. C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\267464291 moved successfully. C:\Documents and Settings\All Users\Application Data\Babylon folder moved successfully. C:\Documents and Settings\Compaq_Administrator\Application Data\searchquband folder moved successfully. C:\Documents and Settings\Compaq_Administrator\Application Data\searchqutoolbar\weather folder moved successfully. C:\Documents and Settings\Compaq_Administrator\Application Data\searchqutoolbar\coupons folder moved successfully. C:\Documents and Settings\Compaq_Administrator\Application Data\searchqutoolbar folder moved successfully. C:\Documents and Settings\Compaq_Administrator\Application Data\TrojanHunter folder moved successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 4047 bytes ->FireFox cache emptied: 21293864 bytes ->Flash cache emptied: 722 bytes User: All Users User: Compaq_Administrator ->Temp folder emptied: 120656340 bytes ->Temporary Internet Files folder emptied: 3561322 bytes ->Java cache emptied: 28161 bytes ->FireFox cache emptied: 339867570 bytes ->Google Chrome cache emptied: 139959686 bytes ->Flash cache emptied: 21323 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 49816 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 85415345 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 237188841 bytes Total Files Cleaned = 904.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 03302013_125504 Files\Folders moved on Reboot... C:\WINDOWS\temp\Perflib_Perfdata_ec0.dat moved successfully. File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\CR_445AE.tmp\SETUP_PATCH.PACKED.7Z not found! File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\atmosphere.glslesf not found! 
PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.03.30.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Compaq_Administrator :: HADDY [administrator]

3/30/2013 1:33:06 PM
mbar-log-2013-03-30 (13-33-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29932
Time elapsed: 20 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
c:\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L (Backdoor.0Access) -> Delete on reboot.
c:\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U (Backdoor.0Access) -> Delete on reboot.

Files Detected: 2
c:\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ (Backdoor.0Access) -> Delete on reboot.
c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ (Backdoor.0Access) -> Delete on reboot.

(end)

Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.03.30.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Compaq_Administrator :: HADDY [administrator]

3/30/2013 1:50:59 PM
mbar-log-2013-03-30 (13-50-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29922
Time elapsed: 16 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  12. PART 2 - the last part of the OTL.txt output and the Extras.txt output.
[2011/11/05 19:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\MAGIX [2010/10/24 09:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\MoveFab [2007/04/04 13:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape [2012/03/11 13:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Nuance [2008/06/27 17:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\NwDocx [2009/05/18 18:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Opera [2008/12/05 21:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Pegasys Inc [2006/08/12 08:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\PlayFirst [2011/12/19 17:53:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\searchquband [2012/01/23 08:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\searchqutoolbar [2008/08/22 08:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\TrojanHunter [2012/06/17 11:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\TuneUpMedia [2010/10/24 08:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Vso [2008/03/28 17:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\W Photo Studio Viewer [2007/07/17 09:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\WinBatch [2012/02/06 20:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\WinPatrol ========== 
Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011/06/27 23:27:21 | 000,000,000 | ---D | M] -- C:\$AVG [2006/11/15 04:01:05 | 000,000,000 | ---D | M] -- C:\21943d461b9bdeb59e6d [2012/05/03 21:39:05 | 000,000,000 | ---D | M] -- C:\6510 [2012/02/06 21:18:32 | 000,000,000 | ---D | M] -- C:\AMD [2010/11/13 08:55:57 | 000,000,000 | ---D | M] -- C:\ArcBackupDeviceInfo [2013/03/28 15:38:22 | 000,000,000 | ---D | M] -- C:\Brother [2010/09/29 06:47:15 | 000,000,000 | RHSD | M] -- C:\cmdcons [2005/11/14 11:03:06 | 000,000,000 | ---D | M] -- C:\CMPNENTS [2013/03/28 15:42:52 | 000,000,000 | ---D | M] -- C:\Config.Msi [2011/01/31 07:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings [2006/09/03 10:07:04 | 000,000,000 | ---D | M] -- C:\games [2006/07/03 19:50:14 | 000,000,000 | ---D | M] -- C:\hp [2009/05/03 10:45:08 | 000,000,000 | ---D | M] -- C:\Hy-Sport [2006/03/09 19:59:17 | 000,000,000 | ---D | M] -- C:\i386 [2007/06/29 15:13:20 | 000,000,000 | ---D | M] -- C:\internet [2008/11/17 19:33:36 | 000,000,000 | ---D | M] -- C:\My Downloads [2013/03/07 21:58:46 | 000,000,000 | ---D | M] -- C:\my music [2008/02/23 22:41:02 | 000,000,000 | ---D | M] -- C:\New Folder [2006/12/25 14:43:47 | 000,000,000 | ---D | M] -- C:\p's music [2011/12/31 10:04:30 | 000,000,000 | ---D | M] -- C:\photos [2013/03/29 10:02:18 | 000,000,000 | ---D | M] -- C:\Program Files [2007/02/23 07:43:58 | 000,000,000 | ---D | M] -- C:\ProgramData [2007/11/26 20:24:50 | 000,000,000 | ---D | M] -- C:\Python22 [2013/03/28 15:04:39 | 000,000,000 | ---D | M] -- C:\Qoobox [2012/10/01 20:22:47 | 000,000,000 | ---D | M] -- C:\RaidTool [2013/03/28 15:13:48 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2006/06/26 07:25:37 | 000,000,000 | ---D | M] -- C:\Rio [2010/06/26 06:49:31 | 000,000,000 | ---D | M] -- C:\Rooter$ [2008/02/23 23:02:16 | 000,000,000 | ---D | M] -- C:\shared [2012/09/22 23:42:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2006/03/09 19:47:59 | 
000,000,000 | ---D | M] -- C:\system.sav [2006/07/03 19:50:05 | 000,000,000 | ---D | M] -- C:\temp [2011/05/01 09:50:45 | 000,000,000 | ---D | M] -- C:\tempMM [2012/05/10 22:55:02 | 000,000,000 | ---D | M] -- C:\tfmeets [2013/03/29 22:49:00 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < %windir%\installer\*. /5 > [2013/03/27 11:36:01 | 000,000,000 | ---D | M] -- C:\WINDOWS\installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Invalid Environment Variable: localappdata < MD5 for: SERVICES.EXE > [2009/02/06 04:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe [2008/04/13 17:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe [2008/04/13 17:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe [2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\erdnt\cache\services.exe [2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe [2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe [2004/08/09 14:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe < MD5 for: USER32.DLL > [2005/03/02 11:19:56 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1800F293BCCC8EDE8A70E12B88D80036 -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2007/03/08 08:48:36 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=7AA4F6C00405DFC4B70ED4214E7D687B -- 
C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll [2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\erdnt\cache\user32.dll [2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll [2007/03/08 08:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll < End of report > OTL Extras logfile created on: 3/29/2013 11:11:27 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.94 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 36.32% Memory free 4.18 Gb Paging File | 1.99 Gb Available in Paging File | 47.56% Paging File free Paging file location(s): C:\pagefile.sys 1440 2880 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 178.37 Gb Total Space | 16.35 Gb Free Space | 9.17% Space Free | Partition Type: NTFS Drive D: | 7.91 Gb Total Space | 0.56 Gb Free Space | 7.08% Space Free | Partition Type: FAT32 Computer Name: HADDY | User Name: Compaq_Administrator | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusOverride" = 1 "FirewallOverride" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System 
Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015 "1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016 "500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015 "1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016 "500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017 "54925:UDP" = 54925:UDP:*:Enabled:BrotherNetwork Scanner ========== Authorized Applications List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Disabled:Compaq Connections -- (Hewlett-Packard) "C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DSH -- (Digital Interactive Systems Corporation, Inc.) "C:\Program Files\Brother\Brmfl10g\FAXRX.exe" = C:\Program Files\Brother\Brmfl10g\FAXRX.exe:*:Enabled:FAXRX.EXE -- (Brother Industries, Ltd.) "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}" = Adobe Audition 2.0 "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}" = Brother MFL-Pro Suite MFC-J6510DW "{17D1D0AC-CB9C-4273-A827-2D242460C6B5}" = FlipAlbum 5.0 Pro "{190BF7E6-59C5-45E2-B9CE-E8E7245A5B4D}" = TMPGEnc Plus 2.5 "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.5 "{1A995D22-F711-4199-83D4-579B593A46C5}" = TMPGEnc DVD Author 1.6 "{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus "{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2 "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations "{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java 6 Update 34 "{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006 "{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus "{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation "{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1 "{2A780209-2A41-4C75-932A-F6F0390D430A}" = 
Adobe Photoshop CS2 Functional Content "{2ECE7ECE-D15B-4999-8B8D-01C998F489D5}" = Adobe Encore DVD 2.0 "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager "{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in "{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper "{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver "{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper "{3C5F1B30-B10B-4579-86DD-D00F662E1033}" = Nero 8 "{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap "{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works "{4545A088-CCEF-43C2-8840-B34B04594FA6}" = USB CDC Device Driver "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 1.0 "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B9B1B84-FEC0-46D5-BDB9-832565779422}" = CheckIt Diagnostics "{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper "{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.091 "{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1 "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero 
ControlCenter 10 Help (CHM) "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder "{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{57922B53-02D4-4DFC-AC24-A3519DC1F49A}" = Adobe Premiere Pro FC "{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper "{619B8475-0F48-41B7-A370-5147F7092989}" = Virtual Earth 3D (Beta) "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler "{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12 "{6C91041E-406E-C082-0D03-75D4BC9C6CB0}" = Picaboo X "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{6EC0A77B-AFAF-4B9A-A2AF-412589CF5FF6}" = Eudora "{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}" = PaperPort Image Printer "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset "{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1 "{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK "{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English "{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software "{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig "{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up "{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10 "{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{87FF0E39-8490-4EB4-A557-FF12F712EF7E}" = TurboTax 2010 wcaiper "{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine "{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset 
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D15E1B2-D2B7-4A17-B44B-D2DDE5981405}" = SaveVid Plug-in "{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer "{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3 "{998AD896-5B25-466D-8D56-CC0CC9228A68}" = Adobe Audition 2.0 Loopology Content "{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime "{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = Microsoft Office 2003 Edition 60 Days Trial Welcome Tour "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine "{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAB061B3-99A6-4EE5-93F4-6EB1F60295C4}" = Adobe Production Studio "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10 "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio "{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4) "{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0 "{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006 "{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers "{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy "{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper 
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport "{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3 "{B74D4E10-0000-0000-0000-EDED00000102}" = Adobe ExtendScript Toolkit 1.0 "{B7607FC8-72AD-486D-B6B7-A402D5876309}" = PerfectDisk 11 Professional "{B9242864-2841-4ADE-86E0-8F90F91B04DD}" = Logitech Gaming Software "{B9273566-6E0A-4A87-AABB-08A0733ECE8E}" = MEET MANAGER 2.0 for Track & Field "{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C4186C0D-FB9F-5D83-21FB-A737A13EFAE6}" = AMD Catalyst Install Manager "{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Seagate DiscWizard "{C89269D9-DD02-45DD-99DD-6AE592F6C447}" = TurboTax 2011 wcaiper "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update "{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2095DFD-9022-4995-9A7A-CC9212837D29}" = calibre "{D52ECEBC-9B20-41A5-81C4-A62DE2367419}" = Adobe Creative Suite "{D7D38949-8251-4F07-BC2C-AA767308010B}" = TMPGEnc Authoring Works 4 "{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1" = HP Support Overview "{DA15D535-5E1D-4076-B520-8571346D6238}" = Norton Security Scan "{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp "{DD362256-A7A2-4524-9457-213DDC2AFC2A}" = Adobe After Effects 7.0 "{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support "{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine 
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp "{E722A962-E87D-CB6B-EB1E-27AD13D0F577}" = AMD Parental Control & Encoder "{E7300AF3-DD5B-4E86-A291-7631BE0C62C7}" = Giganews Accelerator "{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper "{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks "{EC1963C6-8EA9-40DF-8CD7-F63E174FCAEC}" = Adobe After Effects 7.0 Functional Content "{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper "{EFD2807A-C66B-4C13-8FB8-42FCA6DEF171}" = TurboTax 2012 wcaiper "{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine "{F0E8F94D-6E68-4B35-92DF-3AA6DC6A6768}" = Safari "{F5F5ABB8-87EA-47A7-8CC6-E68AFC2D3BC0}" = TMPGEnc Sound Player "{F6F6C08A-ED6F-4968-8292-A08E9F02584F}" = Adobe Encore DVD FC "{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive "{F97B750E-554D-4194-BF3F-41EA91389E10}" = ArcSoft TotalMedia Extreme "{FA17A726-B229-4116-B793-A2AB1A4EAE2E}" = Adobe Premiere Pro 2.0 "{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset "{FC5495CB-CDA5-4DCE-99DF-D1567DAF5A86}" = TMPGEnc 4.0 XPress "{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "045C89A0-CA37-443C-8826-F750227DE69C" = Shooting Stars Pool from Compaq (remove only) "05E21449-3BA3-42BF-BBDA-95205F4EA40A" = Polar Bowler from Compaq (remove only) "0BD36D37-C5D7-4B96-B64A-CB2C3A82EC4D" = Zuma Deluxe from Compaq (remove only) "12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic "29FF6D07-4A15-41F1-9D5E-E0F3A58012C6" = Bounce Symphony from Compaq (remove only) "3330A279-CC39-4A17-AE19-DA464B26AD9A" = Polar Golfer from Compaq (remove only) "3B3B73D1-DC4A-4780-B0E4-E823D08B3397" = 5 Card Slingo from Compaq (remove only) "422C7575-C10D-4795-87FA-9972765379E6" = Mah Jong Quest from Compaq (remove only) "45A7283175C62FAC673F913C1F532C5361F97841" = Windows 
Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"52AEBC18-F252-4B0C-B3E1-724537D9F873" = Ricochet Lost Worlds from Compaq (remove only)
"53474592-01BC-4338-8647-FE350957D912" = Barnyard Invasion from Compaq (remove only)
"5AF1DD17-7B06-45EF-8592-2E524E458BAB" = Insaniquarium Deluxe from Compaq (remove only)
"63E4EC24-7173-4E1F-9C77-B4403CBCF91F" = Lemonade Tycoon 2 from Compaq (remove only)
"66195170-D19D-46C5-8FB7-8A4630071ADC" = Tradewinds from Compaq (remove only)
"75528D5F-DD82-402E-BA7C-045B7DC6A712" = Blasterball 2 from Compaq (remove only)
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2007
"85CF9BF3-1057-468C-962D-31BAABC6AC72" = FATE from Compaq (remove only)
"8D11F98B-4931-44F6-8FC6-971CCBBBB131" = Snowboard SuperJam from Compaq (remove only)
"9448DE42-C017-4A3E-A0BB-C50BF673E9E0" = Chuzzle Deluxe from Compaq (remove only)
"997DD523-B925-4C73-970B-C201E8F781AD" = AstroPop Deluxe from Compaq (remove only)
"9D7E7CDA-051E-4B0D-8CEE-58F41F449CF9" = Blasterball 2 Remix from Compaq (remove only)
"AC3ACM" = AC-3 ACM Codec
"Adobe AIR" = Adobe AIR
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"Allok 3GP PSP MP4 iPod Video Converter_is1" = Allok 3GP PSP MP4 iPod Video Converter 4.1.0422
"Allok Video Joiner_is1" = Allok Video Joiner 3.3.1116
"ATI Display Driver" = ATI Display Driver
"AutoGK" = Auto Gordian Knot 2.40
"AVI Joiner_is1" = AVI Joiner
"AVI Splitter_is1" = AVI Splitter
"Avi2Dvd" = Avi2Dvd 0.4.4 beta
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"AwayMode160" = Microsoft Away Mode
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BBCBAA5D-AC5A-4098-A53E-EC60A68F38F9" = Shrek 2 Ogre Bowler from Compaq (remove only)
"BBE9E0F3-11F7-4424-9905-8E0153E872C1" = Family Feud
"BFAF1EEC-E987-415B-BCB8-80CDB0BC6CDF" = Blackhawk Striker 2 from Compaq (remove only)
"BitTorrent" = BitTorrent
"C43D84CD-EBFC-48D3-A330-7868C8AD415A" = Crystal Maze from Compaq (remove only)
"C6D35CCA-3F9E-4B6E-A17F-409EE7379D6B" = Boggle Supreme from Compaq (remove only)
"CalorieKing Nutrition and Exercise Manager" = CalorieKing Nutrition and Exercise Manager (remove only)
"CalorieKing.com Diet Diary for PalmOS" = CalorieKing.com Diet Diary for PalmOS
"CCleaner" = CCleaner (remove only)
"com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1" = Picaboo X
"Coupon Companion" = Coupon Companion
"D84AC71A-75E8-4709-8BA5-4B46EAC00C5E" = Bejeweled 2 Deluxe from Compaq (remove only)
"DE87FA96-7840-420C-86F9-33F3B7B3CED1" = Super Granny from Compaq (remove only)
"DISCover" = DISCover
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8_is1" = DVDFab 8.0.2.2 (01/10/2010)
"DVDx_is1" = DVDx
"E1A0F769-A43A-4DDB-9F73-12791E453557" = Puzzle Express from Compaq (remove only)
"E618FC78-EE4F-4243-8409-078EB5E0B1F6" = Bookworm Deluxe from Compaq (remove only)
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"EsetOnlineScanner" = ESET Online Scanner
"exPressit S.E. 2.2" = exPressit S.E. 2.2
"F05A08BF-E600-4FBD-A53A-3D47296B1275" = Lexibox Deluxe from Compaq (remove only)
"F19E8CDF-5EFD-45E0-9FAF-66CBAE84B1D9" = Slingo Deluxe from Compaq (remove only)
"FA6A73EB-40AB-4B58-851D-3892B3C10EF6" = SCRABBLE from Compaq (remove only)
"FileHippo.com" = FileHippo.com Update Checker
"FLVPlayer" = FLV Player 1.3.3
"Forte Agent" = Forté Agent
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.95
"Free WMA MP3 Converter" = Free WMA MP3 Converter
"Google Chrome" = Google Chrome
"GSpot" = GSpot Codec Information Appliance
"HaaliMkx" = Haali Media Splitter
"HP Game Console" = HP Game Console and games
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Rhapsody" = HP Rhapsody
"HPOOVClient-5577497 Uninstaller" = Compaq Connections (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InFlac" = InFlac 1.1.1
"InstallShield_{190BF7E6-59C5-45E2-B9CE-E8E7245A5B4D}" = TMPGEnc Plus 2.5
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{4545A088-CCEF-43C2-8840-B34B04594FA6}" = USB CDC Device Driver
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"IsoBuster_is1" = IsoBuster 2.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Matroska Pack" = Matroska Pack
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Netscape Browser" = Netscape Browser (remove only)
"NetSight" = Nielsen
"Nike+ Connect" = Nike+ Connect
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Open Video Joiner_is1" = Open Video Joiner version 3.1
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.9
"PG-1-278" = MultiLane version 1.0
"Photo Viewer_is1" = Photo Viewer 2.4
"Photo2DVD Studio_is1" = Photo2DVD Studio Build 4.8.0.1
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 12.0" = RealPlayer
"SaveVid Plug-in" = SaveVid Plug-in
"SPSS for Windows 11.5" = SPSS 11.5 for Windows
"Sqirlz Morph" = Sqirlz Morph
"SubtitleCreator" = SubtitleCreator
"SugarSync" = SugarSync Manager
"TuneUpMedia" = TuneUp Companion 2.4.6.4
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"TurboTax 2011" = TurboTax 2011
"TurboTax 2012" = TurboTax 2012
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"TurboTax Premier 2007" = TurboTax Premier 2007
"Tweak UI 2.10" = Tweak UI
"Video Cleaner" = River Past Video Cleaner
"VLC media player" = VLC media player 2.0.1
"VobSub" = VobSub v2.23 (Remove Only)
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"WinAVIVideoConverter_is1" = WinAVIVideoConverter
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinMorph_is1" = WinMorph™ 3.01
"WinRAR archiver" = WinRAR 4.11 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"XviD_is1" = XviD 1.1 final uninstall
"XviD4PSP5_is1" = XviD4PSP 5.10.271.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/24/2013 6:54:26 PM | Computer Name = HADDY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/03/24 15:54:26.674]: [00003808]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.172]

Error - 3/24/2013 6:55:35 PM | Computer Name = HADDY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/03/24 15:55:35.674]: [00003808]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.172]

Error - 3/24/2013 6:59:02 PM | Computer Name = HADDY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/03/24 15:59:02.705]: [00003808]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.172]

Error - 3/24/2013 7:00:11 PM | Computer Name = HADDY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/03/24 16:00:11.721]: [00003808]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.172]

Error - 3/24/2013 7:01:20 PM | Computer Name = HADDY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/03/24 16:01:20.721]: [00003808]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.172]

Error - 3/24/2013 7:03:38 PM | Computer Name = HADDY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/03/24 16:03:38.737]: [00003808]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.172]

Error - 3/24/2013 7:04:47 PM | Computer Name = HADDY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/03/24 16:04:47.737]: [00003808]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.172]

Error - 3/24/2013 7:05:56 PM | Computer Name = HADDY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/03/24 16:05:56.737]: [00003808]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.172]

Error - 3/24/2013 7:07:05 PM | Computer Name = HADDY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/03/24 16:07:05.752]: [00003808]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.172]

Error - 3/24/2013 7:08:14 PM | Computer Name = HADDY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/03/24 16:08:14.752]: [00003808]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.172]

[ System Events ]
Error - 3/28/2013 10:04:33 AM | Computer Name = HADDY | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 3/29/2013 6:46:53 AM | Computer Name = HADDY | Source = Workstation | ID = 5727
Description = Could not load RDR device driver.

Error - 3/29/2013 6:46:53 AM | Computer Name = HADDY | Source = Workstation | ID = 5727
Description = Could not load RDR device driver.

Error - 3/29/2013 6:46:53 AM | Computer Name = HADDY | Source = Service Control Manager | ID = 7024
Description = The Workstation service terminated with service-specific error 2250 (0x8CA).

Error - 3/29/2013 6:46:53 AM | Computer Name = HADDY | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which failed to start because of the following error: %%1066

Error - 3/29/2013 6:46:53 AM | Computer Name = HADDY | Source = Service Control Manager | ID = 7024
Description = The Workstation service terminated with service-specific error 2250 (0x8CA).

Error - 3/29/2013 6:46:53 AM | Computer Name = HADDY | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which failed to start because of the following error: %%1066

Error - 3/29/2013 6:47:33 AM | Computer Name = HADDY | Source = Workstation | ID = 5727
Description = Could not load RDR device driver.

Error - 3/29/2013 6:47:33 AM | Computer Name = HADDY | Source = Service Control Manager | ID = 7024
Description = The Workstation service terminated with service-specific error 2250 (0x8CA).

Error - 3/29/2013 6:47:33 AM | Computer Name = HADDY | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which failed to start because of the following error: %%1066

< End of report >
  13. Here you go... (I got an error that the post was too long. I tried posting the OTL.txt in this post and will post the Extras.txt in the next - but even that was too long. So, I'm splitting the OTL.txt in two parts - the first here and the rest at the start of the next post, right before the Extras.txt output.) Thanks! JF

OTL logfile created on: 3/29/2013 11:11:26 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 36.32% Memory free
4.18 Gb Paging File | 1.99 Gb Available in Paging File | 47.56% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.37 Gb Total Space | 16.35 Gb Free Space | 9.17% Space Free | Partition Type: NTFS
Drive D: | 7.91 Gb Total Space | 0.56 Gb Free Space | 7.08% Space Free | Partition Type: FAT32

Computer Name: HADDY | User Name: Compaq_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/29 23:10:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
PRC - [2013/01/24 01:06:40 | 011,184,480 | ---- | M] (SugarSync, Inc.) -- C:\Program Files\SugarSync\SugarSyncManager.exe
PRC - [2012/10/29 10:41:28 | 002,833,448 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
PRC - [2012/09/28 20:45:33 | 004,780,928 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/09/07 20:25:37 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/09/06 21:11:30 | 001,327,104 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCcUxSys.exe
PRC - [2012/09/06 21:06:14 | 000,393,216 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCtrlCntr.exe
PRC - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/05/19 17:14:19 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2012/02/24 05:49:52 | 000,093,504 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
PRC - [2011/06/28 09:48:38 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/27 11:04:06 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/15 15:18:04 | 000,066,824 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
PRC - [2011/03/15 15:18:00 | 001,570,056 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
PRC - [2011/03/15 15:17:46 | 001,475,848 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
PRC - [2010/12/19 11:16:51 | 000,139,264 | ---- | M] (SOURCENEXT) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2010/11/03 03:26:02 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/10/01 08:26:58 | 000,299,008 | ---- | M] (Nike) -- C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
PRC - [2010/08/25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/08/09 05:47:54 | 000,248,832 | ---- | M] (FileHippo.com) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
PRC - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\nero\Update\NASvc.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/09 00:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\pptd40nt.exe
PRC - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/03/05 20:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/10/16 18:42:54 | 000,904,840 | ---- | M] (Acronis) -- C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
PRC - [2009/10/16 18:39:32 | 000,136,544 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2009/10/16 18:39:28 | 000,431,456 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
PRC - [2009/10/16 18:37:22 | 001,325,936 | ---- | M] (Seagate) -- C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
PRC - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2009/05/05 16:06:02 | 001,152,288 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\agent.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/18 09:49:40 | 000,757,760 | ---- | M] (Giganews, Inc.) -- C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
PRC - [2006/03/09 20:33:38 | 000,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
PRC - [2005/11/11 14:11:12 | 000,237,568 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscGui.exe
PRC - [2005/11/11 14:11:04 | 001,064,960 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe
PRC - [2005/11/11 14:10:00 | 000,061,440 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdateMgr.exe
PRC - [2005/11/11 14:10:00 | 000,049,152 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe
PRC - [2005/11/01 03:01:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
PRC - [2005/08/02 17:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/02 17:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2003/05/15 01:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe

========== Modules (No Company Name) ==========

MOD - [2013/03/28 15:49:34 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2013/03/28 15:49:33 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2013/02/14 04:12:07 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\024c898ad1ccfde466d033c0a08d0564\Microsoft.VisualBasic.ni.dll
MOD - [2013/02/14 04:11:08 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll
MOD - [2013/02/14 04:10:53 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll
MOD - [2013/02/14 04:07:24 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll
MOD - [2013/02/14 04:04:05 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2013/02/14 04:04:04 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/02/14 04:04:02 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2013/02/14 04:04:00 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2013/02/14 04:04:00 | 000,630,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2013/02/14 04:03:59 | 003,194,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2013/02/14 04:03:45 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2013/02/14 04:03:42 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013/02/14 04:03:41 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2013/02/14 04:03:35 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2013/01/09 04:19:22 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 04:19:15 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll
MOD - [2013/01/09 04:16:52 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013/01/09 04:16:34 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013/01/09 04:15:12 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/01/09 04:15:04 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2013/01/09 04:05:00 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_1e116300\mscorlib.dll
MOD - [2013/01/09 04:04:57 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_6ea43965\system.drawing.dll
MOD - [2013/01/09 04:04:51 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_0203b7a4\system.xml.dll
MOD - [2013/01/09 04:04:47 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_f63600c2\system.windows.forms.dll
MOD - [2013/01/09 04:04:39 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_b7aa3e59\system.dll
MOD - [2013/01/09 04:04:30 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2013/01/09 04:04:29 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2013/01/09 04:04:28 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2013/01/09 04:04:26 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2013/01/01 23:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/10/29 10:39:36 | 000,502,784 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\nsmmc.dll
MOD - [2012/10/29 10:36:12 | 000,753,664 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\npfirefoxprocessor.dll
MOD - [2012/10/29 10:35:06 | 000,224,768 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\npwmi.dll
MOD - [2012/10/29 10:34:50 | 000,228,864 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\npsurvey.dll
MOD - [2012/10/29 10:34:42 | 000,150,528 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\npsp1.dll
MOD - [2012/10/29 10:34:32 | 000,503,808 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\communication.dll
MOD - [2012/02/21 04:58:45 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d7fbfc6836ce7e53486ddb79b598ca8d\System.ServiceProcess.ni.dll
MOD - [2012/02/21 04:48:18 | 000,762,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\01e360ed3a3cb2b0a3c47c7f3eb09e58\System.Runtime.Remoting.ni.dll
MOD - [2012/02/21 04:48:11 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\47a2b7b2fa872de3078d49d0a4c10cb2\System.EnterpriseServices.ni.dll
MOD - [2012/02/21 04:48:07 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\c3a03bb69e38f5ed9ebce72d48a722ef\System.Transactions.ni.dll
MOD - [2012/02/21 04:41:12 | 013,137,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f28df9c2988724883cf19532d7f9f151\System.Windows.Forms.ni.dll
MOD - [2012/02/21 04:40:32 | 001,652,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\2ff57b810eb920860469184dd683cb8a\System.Drawing.ni.dll
MOD - [2012/02/21 04:39:08 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\97586cdb698c29ba95fd83e44a0c0ca6\System.Data.ni.dll
MOD - [2012/02/21 04:38:49 | 000,729,088 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\09ee8d91e80e00991226aec062aa1e92\System.Security.ni.dll
MOD - [2012/02/21 04:38:19 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll
MOD - [2012/02/21 04:38:10 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll
MOD - [2012/02/21 04:37:58 | 007,054,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll
MOD - [2012/02/21 04:37:45 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll
MOD - [2012/02/21 04:37:34 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
MOD - [2011/12/17 08:48:18 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/12/17 08:48:18 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2011/01/20 21:53:20 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/01/20 21:53:20 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/01/20 21:53:18 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/01/20 21:53:18 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/01/20 21:53:18 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/01/20 21:53:18 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/01/20 21:53:18 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2011/01/20 21:53:17 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/01/20 21:53:17 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/01/20 21:53:17 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/01/20 21:53:17 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2010/01/28 13:57:58 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010/01/27 22:16:47 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/01/27 22:16:47 | 000,403,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2010/01/27 22:16:46 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2010/01/27 22:16:45 | 000,046,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2010/01/27 22:16:44 | 000,419,616 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2010/01/27 22:16:44 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2010/01/27 22:16:43 | 000,270,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2010/01/27 22:16:42 | 000,121,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2010/01/27 22:16:42 | 000,120,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2010/01/27 22:16:42 | 000,070,432 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2009/10/16 17:59:30 | 001,328,480 | ---- | M] () -- C:\Program Files\Seagate\DiscWizard\fox.dll
MOD - [2009/03/07 11:36:53 | 000,047,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2009/03/07 11:36:53 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2009/03/07 11:36:52 | 000,402,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2009/03/07 11:36:52 | 000,130,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2009/03/07 11:36:52 | 000,120,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2009/03/07 11:36:52 | 000,072,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2009/02/28 11:30:08 | 001,058,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2009/02/28 11:30:07 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2009/02/28 11:30:05 | 000,238,368 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2009/02/28 11:20:54 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
MOD - [2009/02/28 11:20:53 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2009/02/28 11:20:50 | 000,458,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll
MOD - [2009/02/28 11:20:50 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll
MOD - [2009/02/28 11:20:50 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll
MOD - [2009/02/28 11:20:49 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 17:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/03/09 20:33:35 | 000,151,589 | ---- | M] () -- C:\Program Files\Compaq Connections\5577497\6.3.2.116-5577497\Program\bwfiles.dll
MOD - [2006/03/09 20:33:35 | 000,098,339 | ---- | M] () -- C:\Program Files\Compaq Connections\5577497\6.3.2.116-5577497\Program\FrExt.dll
MOD - [2006/03/09 20:33:35 | 000,061,496 | ---- | M] () -- C:\Program Files\Compaq Connections\5577497\6.3.2.116-5577497\Program\clntutil.dll
MOD - [2006/03/09 19:50:36 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2006/03/09 19:50:34 | 000,299,008 | ---- | M] () -- c:\windows\assembly\gac\microsoft.visualbasic\7.0.5000.0__b03f5f7f11d50a3a\microsoft.visualbasic.dll
MOD - [2006/03/09 19:50:33 | 000,573,440 | ---- | M] () -- c:\windows\assembly\gac\system.web.services\1.0.5000.0__b03f5f7f11d50a3a\system.web.services.dll
MOD - [2005/12/15 06:33:48 | 000,126,976 | ---- | M] () -- C:\Program Files\Compaq Connections\5577497\Program\HPClientExt.dll

========== Services (SafeList) ==========

SRV - [2013/03/12 13:33:14 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/07 20:29:07 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/29 10:41:28 | 002,833,448 | ---- | M] (The Nielsen Company) [Auto | Running] -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe -- (NielsenUpdate)
SRV - [2012/09/07 20:25:37 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/06/05 15:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2011/06/28 09:48:38 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 11:04:06 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/15 15:18:00 | 001,570,056 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV - [2011/03/15 15:17:46 | 001,475,848 | ---- | M] (Raxco Software, Inc.) [On_Demand | Running] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
SRV - [2010/12/19 11:16:51 | 000,139,264 | ---- | M] (SOURCENEXT) [Auto | Running] -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/07/05 10:05:17 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.)
[Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP) SRV - [2009/10/16 18:39:28 | 000,431,456 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc) SRV - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2005/08/02 17:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC) SRV - [2003/10/13 16:24:14 | 000,061,440 | ---- | M] (Adobe Sytems) [On_Demand | Stopped] -- C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe -- (AdobeVersionCue) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\PalmUSBD.sys -- (PalmUSBD) DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\nielprt.sys -- (nielprt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nielgfx.sys -- (NielGfx) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\ftsata2.sys -- (ftsata2) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- 
C:\ComboFix\catchme.sys -- (catchme) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\AVGIDSShim.Sys -- (AVGIDSShim) DRV - [2012/10/01 21:00:24 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter) DRV - [2012/10/01 21:00:24 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter) DRV - [2012/10/01 21:00:20 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman) DRV - [2012/10/01 21:00:15 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpman.sys -- (tdrpman) DRV - [2012/03/20 17:23:38 | 000,010,368 | ---- | M] (The Nielsen Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\km_filter.sys -- (km_filter) DRV - [2012/03/20 17:23:26 | 000,015,360 | ---- | M] (The Nielsen Company) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\nnrnstdi.sys -- (nnrnstdi) DRV - [2011/10/08 20:25:40 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2011/10/08 20:25:40 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV) DRV - [2011/06/28 09:48:40 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011/06/28 09:48:40 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010/12/19 11:16:52 | 000,038,944 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv) DRV - [2010/09/07 03:37:14 | 000,104,024 | R--- | M] (JMicron Technology Corp.) 
[Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID) DRV - [2010/08/27 20:27:21 | 000,135,184 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS) DRV - [2010/07/05 07:42:24 | 000,008,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\VCdRom.sys -- (vcdrom) DRV - [2010/04/01 11:40:36 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM) DRV - [2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6) DRV - [2009/11/03 03:06:12 | 000,071,424 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIb.sys -- (BrSerIb) DRV - [2009/11/03 03:06:12 | 000,011,520 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSib.sys -- (BrUsbSIb) DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2007/11/06 14:22:00 | 000,036,224 | ---- | M] (ArcSoft Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ArcCD.sys -- (ArcCD) DRV - [2007/09/17 19:28:58 | 000,010,240 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\softctrl.sys -- (softctrl) DRV - [2007/05/03 14:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD) DRV - [2007/04/25 09:55:02 | 000,134,912 | ---- | M] (ArcSoft Inc.) 
[File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ArcUdfs.sys -- (ArcUdfs) DRV - [2007/04/24 12:33:50 | 000,007,680 | ---- | M] (ArcSoft Inc.) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\ArcRec.sys -- (ArcRec) DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2) DRV - [2005/11/02 16:47:26 | 000,010,368 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc) DRV - [2005/10/20 09:01:56 | 001,095,009 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2005/09/30 04:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2005/08/29 08:11:00 | 003,644,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) DRV - [2005/08/13 14:35:00 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005/03/09 06:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc) DRV - [2004/08/03 07:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) DRV - [2004/04/14 11:08:00 | 000,044,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore) DRV - [2004/04/14 11:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter) DRV - [2004/04/14 11:08:00 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum) DRV - [2004/04/14 11:08:00 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid) DRV - [2003/11/11 09:34:00 | 000,022,891 | ---- | M] (Matsushita Electric Industorial Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\meistb.sys -- (MEITUNER) DRV - [2003/11/11 09:33:54 | 000,013,195 | ---- | M] (Matsushita Electric Industorial Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\meistrm.sys -- (MEISTRM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2405} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=405&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = BC 2F B8 14 0E 65 E6 4E A2 19 D1 9D 0C 50 61 2F [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2405} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=405&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet 
Settings: "ProxyOverride" = <local>;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search Results" FF - prefs.js..browser.search.order.1: "Google" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://espn.go.com/" FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000006 FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0 FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129 FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0034-ABCDEFFEDCBA%7D:6.0.34 FF - prefs.js..extensions.enabledAddons: crossriderapp4493%40crossrider.com:0.91.83 FF - prefs.js..extensions.enabledAddons: netsight%40nielsen.com:2.3 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 48 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006 FF - prefs.js..extensions.enabledItems: tab@search.com:1.0 FF - prefs.js..extensions.enabledItems: {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}:1.0 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..network.proxy.type: 0 FF - user.js..browser.search.selectedEngine: "Google" FF - user.js..browser.search.order.1: "Google" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_34: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@nielsen/FirefoxTracker: C:\Program Files\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\npfirefoxtracker.dll (Nielsen)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\netsight@nielsen.com: C:\Program Files\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\netsight@nielsen.xpi [2013/03/28 15:49:44 | 000,008,039 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/07 20:29:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/07 20:28:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}: C:\WINDOWS\system32\5005 [2010/09/24 06:29:39 | 000,000,000 | ---D | M]
[2011/12/19 17:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions
[2013/03/13 06:29:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions
[2010/12/10 17:59:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/19 17:52:48 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2013/01/31 20:50:58 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/10/29 20:40:36 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2013/03/13 06:29:18 | 000,000,000 | ---D | M] ("Coupon Companion") -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\crossriderapp4493@crossrider.com
[2009/08/28 06:31:03 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\moveplayer@movenetworks.com
[2010/08/25 12:34:03 | 000,000,000 | ---D | M] (tab-search) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\tab@search.com
[2012/02/06 21:47:59 | 000,000,000 | ---D | M] (Nero Toolbar) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\toolbar@ask.com
[2013/03/13 06:29:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\crossriderapp4493@crossrider.com\chrome\content\extensionCode
[2013/02/21 21:52:28 | 000,021,487 | ---- | M] () (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\plugin@yontoo.com.xpi
[2013/02/14 18:30:58 | 000,817,280 | ---- | M] () (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/12/19 17:52:21 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\searchplugins\SearchResults.xml
[2013/03/25 16:24:37 | 000,002,112 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\searchplugins\wot-safe-search.xml
[2013/03/07 20:28:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/07 20:28:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2012/08/16 06:39:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2013/03/28 15:49:44 | 000,008,039 | ---- | M] () (No name found) -- C:\PROGRAM FILES\NETRATINGSNETSIGHT\NETSIGHT\METER2\FIREFOXADDONS\NETSIGHT@NIELSEN.XPI
[2013/03/07 20:29:08 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/12/09 03:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/08/30 22:18:35 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/19 17:52:21 | 000,002,497 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2013/02/27 00:09:40 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: getPlusPlus for Adobe 16248 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 6 U34 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Nielsen FirefoxTracker Plug-in (Enabled) = C:\Program Files\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\npfirefoxtracker.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 6.0.340.4 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Nielsen = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jgceplfonlgodadnpognljgdjlcnpjnh\1.7.3_0\
CHR - Extension: FVD Video Downloader = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.0.1_0\
CHR - Extension: Coupon Companion = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm\1.21.47_0\crossrider
CHR - Extension: Coupon Companion = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm\1.21.47_0\
CHR - Extension: Gmail = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/03/28 14:44:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [brStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)
O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DISCUpdateMgr.exe (Digital Interactive Systems Corporation, Inc.)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [indexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
O4 - HKLM..\Run: [Nike+ Connect] C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [iSUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [sugarSync] C:\Program Files\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2011/12/15 07:58:35 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Giganews Accelerator.lnk = C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe (Giganews, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AntiVirusDisableNotify = O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UpdatesDisableNotify = O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: FirewallDisableNotify = O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) O8 - Extra context menu item: Save video on Savevid.com - C:\Program Files\Savevid\redirect.htm () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple 
Inc.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} http://zone.msn.com/bingame/pacz/default/pandaonline.cab (Reg Error: Key error.) O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} http://sympatico.zone.msn.com/bingame/rock/default/popcaploader1.cab (Reg Error: Key error.) O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab (Windows Live Safety Center Base Module) O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/bingame/chnz/default/mjolauncher.cab (MJLauncherCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab (ZoneAxRcMgr Class) O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab (ZoneIntro Class) O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://zone.msn.com/bingame/gold/UnSkin/gf.cab (TikGames Online Control) O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab (SCEWebLauncherCtl Object) O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} http://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.87.cab (CPlayFirstDinerDashControl Object) O16 - DPF: vzTCPConfig http://my.verizon.com/micro/speedoptimizer/hsi/vzTCPConfig.CAB (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 4.2.2.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68ABC49C-2AAA-455E-B332-0CE29F0E8C0C}: DhcpNameServer = 192.168.1.1 4.2.2.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) 
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\internet\eudora\EuShlExt.dll (Qualcomm Inc.) O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/08/30 14:02:02 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O34 - HKLM BootExecute: (pdboot.exe) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {0DC86ADC-4963-4060-87E9-7AA2EF508661} - Themes Setup ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML) ActiveX: {14F4D1F6-79E4-4256-A10B-3CCD138698C6} - Microsoft .NET Framework 1.0 Hotfix (KB2656378) ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave 
Director 11.0 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {29A43E48-B726-47B6-9EAC-AA2B7B48E133} - Microsoft .NET Framework 1.0 Security Update (KB2698035) ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904) ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0 ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2F7F0BDC-9111-406E-FBE6-8ECC610757BC} - NetShow ActiveX: {339E9413-F230-4F0F-ADDD-17914D95FD6D} - Microsoft .NET Framework 1.0 Hotfix (KB2604042) ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4F00D11B-8327-4C55-B7DA-B8D8C10F28A8} - Microsoft .NET Framework 1.0 Hotfix (KB2572066) ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: 
{5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6C298884-91FD-408C-9D90-5A59D2C29FD1} - Microsoft .NET Framework 1.1 Security Update (KB2742597) ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ActiveX: {8BF1B8CD-9A6C-4382-A454-CC769B913F48} - Microsoft .NET Framework 1.0 Hotfix (KB2656378) ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023) ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494) ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} 
- RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {DE895E98-54B2-4180-91E1-7A0020EDF577} - Microsoft .NET Framework 1.0 Security Update (KB2742607) ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295) ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3 ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: AutorunsDisabled - ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: mrobeservice - File not found NetSvcs: sddmi2 - File not found NetSvcs: symndis - File not found NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - 
State: "services" - 0 MsConfig - State: "startup" - 0 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013/03/29 23:10:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe [2013/03/28 15:48:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\ControlCenter4 [2013/03/28 15:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Brother [2013/03/28 15:38:22 | 000,000,000 | ---D | C] -- C:\Brother [2013/03/28 15:38:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ControlCenter4 [2013/03/28 15:38:17 | 000,000,000 | ---D | C] -- C:\Program Files\Browny02 [2013/03/28 15:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\ControlCenter4 [2013/03/28 15:37:57 | 000,225,280 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrfxD05c.dll [2013/03/28 15:36:39 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2L.dll [2013/03/28 15:36:38 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2.dll [2013/03/28 15:36:38 | 000,005,120 | ---- | C] (Brother Industries Ltd.) 
-- C:\WINDOWS\System32\BrDctF2S.dll [2013/03/28 15:36:38 | 000,000,000 | ---D | C] -- C:\Program Files\Brother [2013/03/28 15:13:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013/03/28 14:13:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2013/03/28 14:13:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2013/03/28 14:13:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2013/03/28 14:13:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2013/03/28 14:13:02 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/03/28 14:10:12 | 005,044,813 | R--- | C] (Swearware) -- C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe [2013/03/27 11:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight [2013/03/22 13:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth [2013/03/07 21:09:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes [2013/03/07 21:08:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013/03/07 20:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2010/10/24 08:52:28 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Compaq_Administrator\Application Data\pcouffin.sys ========== Files - Modified Within 30 Days ========== [2013/03/29 23:10:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe [2013/03/29 22:32:07 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013/03/29 14:50:02 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_Compaq_Administrator.job [2013/03/28 16:15:21 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2013/03/28 16:15:20 | 000,111,104 | ---- | M] () -- C:\Documents and 
Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/03/28 15:52:19 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT [2013/03/28 15:48:02 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/03/28 15:47:02 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_Compaq_Administrator.job [2013/03/28 15:46:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/03/28 15:46:48 | 3152,596,992 | -HS- | M] () -- C:\hiberfil.sys [2013/03/28 15:39:38 | 000,001,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Brother Creative Center.lnk [2013/03/28 15:39:18 | 000,000,249 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini [2013/03/28 15:39:18 | 000,000,065 | ---- | M] () -- C:\WINDOWS\brpcfx.ini [2013/03/28 15:38:22 | 000,000,086 | ---- | M] () -- C:\WINDOWS\Brfaxrx.ini [2013/03/28 14:44:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013/03/28 14:10:23 | 005,044,813 | R--- | M] (Swearware) -- C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe [2013/03/28 11:21:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2013/03/28 10:49:03 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_Compaq_Administrator.job [2013/03/27 11:59:11 | 027,407,622 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Drew Dudley Leading with Lollipops (480).mp4 [2013/03/27 11:58:31 | 104,376,597 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\TEDxToronto - Drew Dudley Leading with Lollipops.mp4 [2013/03/13 03:02:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013/03/08 07:31:12 | 000,501,923 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Campus_Map.pdf ========== Files Created - No Company Name ========== [2013/03/28 15:39:38 | 000,001,789 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Brother 
Creative Center.lnk [2013/03/28 15:38:04 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini [2013/03/28 15:37:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat [2013/03/28 14:13:19 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2013/03/28 14:13:19 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2013/03/28 14:13:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2013/03/28 14:13:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2013/03/28 14:13:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2013/03/27 11:59:11 | 027,407,622 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Drew Dudley Leading with Lollipops (480).mp4 [2013/03/27 11:58:31 | 104,376,597 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\TEDxToronto - Drew Dudley Leading with Lollipops.mp4 [2013/03/20 14:38:01 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_Compaq_Administrator.job [2013/03/20 14:38:00 | 000,000,466 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_Compaq_Administrator.job [2013/03/20 14:38:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_Compaq_Administrator.job [2013/03/08 07:31:12 | 000,501,923 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Campus_Map.pdf [2012/04/02 12:36:49 | 000,002,944 | ---- | C] () -- C:\WINDOWS\BRPARAM.INI [2012/04/02 11:27:05 | 001,527,650 | ---- | C] () -- C:\WINDOWS\System32\fftw3.dll [2012/03/15 06:40:59 | 000,000,249 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2012/03/15 06:40:59 | 000,000,065 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2012/03/11 13:16:18 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI [2012/03/11 13:16:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL [2012/02/21 05:00:54 | 001,263,186 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application 
Data\WPFFontCache_v0400-S-1-5-21-2684078581-1939207485-826778432-1008-0.dat [2012/02/21 05:00:39 | 000,273,746 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat [2012/02/20 10:15:43 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc [2012/02/15 08:28:12 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/01/11 00:25:48 | 000,018,066 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\uyy2qb2nixeuy64x76lad14 [2012/01/11 00:25:48 | 000,018,066 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\uyy2qb2nixeuy64x76lad14 [2012/01/09 18:01:34 | 000,016,500 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\036c1j4g1820 [2012/01/09 18:01:34 | 000,016,500 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\036c1j4g1820 [2011/12/23 12:25:16 | 000,016,392 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\4727uy07g8m3s12g7my1iy4678gag730 [2011/12/23 12:25:16 | 000,016,392 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4727uy07g8m3s12g7my1iy4678gag730 [2011/07/29 08:29:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\defogger_reenable [2011/05/11 18:40:35 | 000,017,670 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\6lr8qybjn13oh6xyp8ivrd2x86m5wp [2011/05/11 18:40:35 | 000,017,670 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6lr8qybjn13oh6xyp8ivrd2x86m5wp [2011/03/31 21:51:18 | 000,014,914 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\40l3j85ka67376pv1f77tn526lmm2dsbdnf12x4o [2011/03/31 21:51:18 | 000,014,914 | -HS- | C] () -- C:\Documents and Settings\All 
Users\Application Data\40l3j85ka67376pv1f77tn526lmm2dsbdnf12x4o [2011/03/10 20:27:12 | 000,012,608 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\267464291 [2010/10/24 08:52:29 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\pcouffin.cat [2010/10/24 08:52:28 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\pcouffin.inf [2008/10/09 11:04:27 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\default.pls [2008/10/05 17:01:04 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\.rnd [2007/01/27 17:32:35 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\AutoGK.ini [2006/06/12 08:00:42 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/06/11 08:13:54 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\fusioncache.dat ========== ZeroAccess Check ========== [2010/12/09 08:15:09 | 000,002,048 | -HS- | M] () -- C:\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ [2010/12/09 08:15:09 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L [2012/08/28 06:25:49 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U [2010/12/09 08:15:09 | 000,002,048 | -HS- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ [2010/12/09 08:15:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L [2010/12/09 08:15:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application 
Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U [2005/08/30 13:58:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ==========
  14. Thanks for the help with the infection. You said that you had a tool for my SD card that will unhide all of my files?
  15. Sorry about that. I'm pasting the combofix log at the bottom.

      For the most part, my computer has been fine. I had some issues a year or so ago, but now my only complaint is that it runs a little slow and the internet connection isn't as fast as it used to be - but my computer is at least 6 years old, so some of that is to be expected.

      The one major problem that I have is (and I don't know if that is related at all) I can't get my printer to install. All of the other computers in my house were able to load the drivers, but when I try to install it on this computer I keep getting an error message that says it can't connect to the printer so the driver never finishes the installation. I have tried it directly connecting to the printer via a USB cable and also over the wireless network in the house and neither worked. After running combofix, I tried the installation again, hoping that it would work - but it's still not working.

      Thanks, JF

ComboFix 13-03-28.01 - Compaq_Administrator 03/28/2013 14:25:59.14.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3006.2378 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\267464291
c:\documents and settings\Compaq_Administrator\Application Data\2bec9f61
c:\documents and settings\Compaq_Administrator\Application Data\a3949061
c:\documents and settings\Compaq_Administrator\Application Data\cb31609e
c:\documents and settings\Compaq_Administrator\Application Data\dc94e89b
c:\windows\$NtUninstallKB62280$
c:\windows\$NtUninstallKB62280$\1655913888
c:\windows\$NtUninstallKB62280$\485945278\@
c:\windows\$NtUninstallKB62280$\485945278\cfg.ini
c:\windows\$NtUninstallKB62280$\485945278\Desktop.ini
c:\windows\$NtUninstallKB62280$\485945278\L\aqaeidou
c:\windows\$NtUninstallKB62280$\485945278\U\00000001.@
c:\windows\$NtUninstallKB62280$\485945278\U\00000002.@
c:\windows\$NtUninstallKB62280$\485945278\U\00000004.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000000.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000004.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000032.@
c:\windows\$NtUninstallKB62280$\485945278\version
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-02-28 to 2013-03-28 )))))))))))))))))))))))))))))))
.
.
2013-03-08 04:08 . 2013-03-08 04:09 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-12 20:33 . 2012-05-20 22:23 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-12 20:33 . 2011-06-05 01:09 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-12 00:32 . 2009-01-07 03:38 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-09 21:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 20:05 . 2004-08-09 21:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05 . 2004-08-09 21:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05 . 2004-08-09 21:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53 . 2004-08-09 21:00 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2004-08-09 21:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-14 16:48 . 2013-01-14 16:48 10 ----a-w- c:\windows\Fonts\wfonts.key
2013-01-07 01:19 . 2004-08-10 04:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37 . 2004-08-10 04:00 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2004-08-09 21:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2004-08-09 21:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2013-03-08 03:29 . 2013-03-08 03:28 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2013-01-24 08:02 383328 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2013-01-24 08:02 383328 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2013-01-24 08:02 383328 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2013-01-24 08:02 383328 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-29 4780928]
"SugarSync"="c:\program files\SugarSync\SugarSyncManager.exe" [2013-01-24 11184480]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568] "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856] "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424] "Nike+ Connect"="c:\program files\Nike\Nike+ Connect\Nike+ Connect daemon.exe" [2010-10-01 299008] "DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112] "DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-11-11 61440] "DISCover"="c:\program files\DISC\DISCover.exe" [2005-11-11 1064960] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368] "PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984] "PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992] "PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192] "PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752] "ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2011-04-21 139264] "BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440] "NielsenOnline"="c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2012-02-24 93504] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608] "36X Raid 
Configurer"="c:\windows\system32\xRaidSetup.exe" [2010-09-07 1976920] "DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2009-10-17 1325936] "AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2009-10-17 904840] "Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-10-17 136544] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2012-05-20 198160] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Acrobat Assistant.lnk - c:\program files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193] Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-6-11 110592] Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-6-11 110592] Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-3-9 36903] Giganews Accelerator.lnk - c:\program files\Giganews Accelerator\GiganewsAccelerator.exe [2007-12-18 757760] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled TotalMedia BackUp & Recorder Monitor.lnk - c:\program files\ArcSoft\TotalMedia Extreme\BackUp & Recorder\uBBMonitor.exe [2010-11-11 286720] . c:\documents and settings\Default User\Start Menu\Programs\Startup\ Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-3-9 27136] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\internet\eudora\EuShlExt.dll" [2005-11-14 86016] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-10-09 113024] . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ pdboot.exe\0autocheck autochk * . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"= "c:\\Program Files\\DISC\\DiscStreamHub.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 . 
R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [8/25/2012 1:56 PM 15360] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/29/2008 4:03 PM 12880] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 4:03 PM 67664] R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\VCdRom.sys [7/5/2010 9:57 AM 8576] R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/3/2010 10:50 AM 116608] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/27/2010 7:57 PM 136360] R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [8/27/2009 5:09 PM 1253376] R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/23/2012 1:37 PM 13672] R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\nero\Update\NASvc.exe [5/4/2010 1:07 PM 503080] R2 NielsenUpdate;Nielsen Update;c:\program files\NetRatingsNetSight\NetSight\NielsenUpdate.exe [8/25/2012 1:50 PM 2833448] R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [3/9/2010 12:40 AM 144672] R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [10/16/2009 6:39 PM 431456] R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [11/11/2010 12:54 PM 36224] R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [3/15/2012 6:39 AM 245760] R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [8/25/2012 1:56 PM 10368] R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/24/2010 8:52 AM 47360] S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?] 
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?] S3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [3/11/2012 1:08 PM 71424] S3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSib.sys [3/11/2012 1:08 PM 11520] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [8/7/2008 11:10 AM 3276800] S3 MEISTRM;MEI AVC Streaming Filter Driver;c:\windows\system32\drivers\meistrm.sys [11/11/2003 9:33 AM 13195] S3 MEITUNER;FireBus MPEG2TS Tuner Subunit Device;c:\windows\system32\drivers\meistb.sys [11/11/2003 9:34 AM 22891] S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 12872] S3 softctrl;Software Flow Control Driver;c:\windows\system32\drivers\softctrl.sys [9/17/2007 7:28 PM 10240] S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [11/11/2010 12:54 PM 134912] . --- Other Services/Drivers In Memory --- . *Deregistered* - ArcRec . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs mrobeservice sddmi2 symndis vga . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-03-17 21:14 451872 -c--a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-03-14 18:30 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-03-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-20 20:33] . 
2013-03-28 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 19:34] . 2013-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-15 05:35] . 2013-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-15 05:35] . 2013-03-28 c:\windows\Tasks\ReclaimerUpdateFiles_Compaq_Administrator.job - c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-20 18:36] . 2013-03-28 c:\windows\Tasks\ReclaimerUpdateXML_Compaq_Administrator.job - c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-20 18:36] . 2013-03-28 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Compaq_Administrator.job - c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-20 18:36] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://espn.go.com/ uInternet Settings,ProxyOverride = <local>;*.local IE: Open with PDF Viewer Plus - c:\program files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm IE: Save video on Savevid.com - c:\program files\Savevid\redirect.htm TCP: DhcpNameServer = 192.168.1.1 4.2.2.2 DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/hsi/vzTCPConfig.CAB FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://espn.go.com/ FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2013-02-02 19:07; crossriderapp4493@crossrider.com; c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\crossriderapp4493@crossrider.com FF - user.js: browser.search.selectedEngine - Google FF - user.js: browser.search.order.1 - Google . - - - - ORPHANS REMOVED - - - - . HKLM-Run-WinPatrol - c:\program files\BillP Studios\WinPatrol\winpatrol.exe MSConfigStartUp-CTFMON - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-03-28 14:48 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|ù•Ôw*] "5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•Ôw*] "5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1060) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'lsass.exe'(1116) c:\windows\system32\relog_ap.dll . 
- - - - - - - > 'explorer.exe'(2920) c:\windows\system32\WININET.dll c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll c:\program files\SugarSync\SugarSyncShellExt.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll c:\program files\NetRatingsNetSight\NetSight\nsmmc.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\brss01a.exe c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\arservice.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\bgsvcgen.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Raxco\PerfectDisk\PDAgent.exe c:\windows\system32\IoctlSvc.exe c:\windows\ARPWRMSG.EXE c:\windows\ehome\mcrdsvc.exe c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac c:\program files\ControlCenter4\BrCtrlCntr.exe c:\program files\ControlCenter4\BrCcUxSys.exe c:\program files\Raxco\PerfectDisk\PDEngine.exe c:\program files\iPod\bin\iPodService.exe c:\program files\DISC\DiscStreamHub.exe c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\agent.exe c:\windows\ALCXMNTR.EXE . ************************************************************************** . 
Completion time: 2013-03-28 15:04:34 - machine was rebooted ComboFix-quarantined-files.txt 2013-03-28 22:04 ComboFix2.txt 2012-02-06 03:15 . Pre-Run: 14,615,588,864 bytes free Post-Run: 18,859,630,592 bytes free . - - End Of File - - 3E574BFCF36F1D9F53B3EC7AE3370C90
  16. Right now nothing is showing up on the SD card. It all disappeared when it got infected, and even after running the virus scan and deleting those new folders they haven't reappeared. Attached is the ComboFix log. When it was running, a message popped up 'You are infected with Rootkit.ZeroAccess! It has inserted itself into the tcp/ip stack.' I am assuming that ComboFix got rid of it, and I didn't have any problem accessing the internet like the message said I might. Thanks! JF
  17. I deleted the files that were added by the infection - but I still can't see all of the files/folders that are supposed to be there. The output from look.bat says that those files are on the card, but they are hidden for some reason. And, attached are the two output files from dds. Thanks, JF attach.txt dds.txt
  18. N:\84612795 is not appearing when I look at the folder through Windows Explorer. I checked the properties on the other files and they all had the same target: F:\siuon.scr. The F drive is the other drive that pops up when the camera is loaded. It seems to include the media software for the camera (the drive appears with the label ArcSoft SW). And to answer your question - you are correct, all of the files that you listed were not created by me. And the RECYCLER folder is also something that wasn't there before the infection. Thanks, JF
  19. Here is the output. FYI - the N:\DCIM, N:\MISC and all of the files in the DCIM\100SPORT folder are what should be there - but those aren't appearing when I open the drive in Windows Explorer. The RECYCLER and the other .lnk files are the ones that popped up when it got infected. And... thanks for helping me out with this problem. JF N:\DCIM N:\MISC N:\RECYCLER N:\New Folder.lnk N:\Passwords.lnk N:\Documents.lnk N:\Pictures.lnk N:\Music.lnk N:\Video.lnk N:\84612795 N:\look.bat N:\look.txt N:\DCIM\100SPORT
  20. I plugged my camera into a computer at work and it picked up some malware. Now when I go to explore the contents of the SD card, instead of seeing the picture/video files, it shows 7 folders (shortcuts to Documents, Music, New Folder, Passwords, Video, and Pictures - and a folder called RECYCLER). My virus scanner at work picked it up as having a Win32.(something) virus - sorry, I didn't get the whole thing written down. I ran the virus scan and it said that it removed the issue - but the picture/video files are still not showing up. When I click on one of the folder links, I get a message that "the item 'siuon.scr' that this shortcut refers to has been changed or moved, so this shortcut will no longer work properly. Do you want to delete this shortcut?" So, it seems that the virus scan may have done something, but it's not the whole way fixed. I ran Malwarebytes on the camera (it comes up as two separate drives when plugged in - one for what appears to be the internal memory of the camera and a second for the SD card) on both drives and nothing came up. I ran the dds file like instructed, but that only looked at my internal hard drive, and not the drives on the camera. I have looked all over online and I can't seem to find much info on how to clean external drives like an SD card. Any help that you can offer would be much appreciated. Thanks, JF
  21. I have picked up something that is either creating files and eating up all of my hard drive disk space or is somehow tricking my system to think it has no space. I went to bed the other evening and had approx 20GB of free space - when I got on the next morning, I had 0. I then moved about 5-6 GB of stuff to an external drive and a little while later I checked and that space also disappeared. I ran MBAM (and superantispyware) and nothing was found. I restarted my computer into safe mode - and now it says it has just under 1GB of space (which isn't correct, but at least it is enough space to allow me to download and run DDS.scr). Results are below. BTW - I did a search for any large files to see if the virus was creating some fake files to eat up the space - and didn't see anything unusual in the search results. So, I don't know where the missing space is going. Thanks for your help. JF
  22. I have picked up something that is either creating files and eating up all of my hard drive disk space or is somehow tricking my system to think it has no space. I went to bed the other evening and had approx 20GB of free space - when I got on the next morning, I had 0. I then moved about 5-6 GB of stuff to an external drive and a little while later I checked and that space also disappeared. I ran MBAM (and superantispyware) and nothing was found. Since I don't have any disk space, I can't even download the dds.scr file. I tried deleting something to create enough room for dds, but once a file is deleted, that empty space is immediately eaten and I go back to 0 space available. I tried to save it to my external HDD and run it from there, but I couldn't get the file to save there either. I don't even know where to start with this. Thanks for your help. JF
  23. I have two things (at least) going on with my computer. - I've had that annoying thing where I am redirected to the wrong site when clicking on a Google search link. That has been going on for a while, and MBAM hasn't been able to remove it. - Then the other day I picked up the Security Shield malware and those annoying popups. I have run MBAM in safe mode and that hasn't fixed it. I have tried to run combofix, but it says it can't run while AVG is running - but I uninstalled that a while back, but combofix is still picking it up. Below is the dds.txt file and I've attached attach.zip.
2011-12-03 03:54:32 499712 ----a-w- c:\windows\system32\msvcp71.dll 2011-12-03 03:54:32 348160 ----a-w- c:\windows\system32\msvcr71.dll 2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys 2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec 2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\SET7C.tmp 2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-10-15 01:38:00 456192 ----a-w- c:\windows\system32\encdec.dll 2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll 2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: ST3200826AS rev.3.03 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 . device: opened successfully user: MBR read successfully . 
Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x85B584C0]<< _asm { MOV EAX, [ESP+0x4]; MOV ECX, [0x85b5f8a4]; PUSH ESI; MOV ESI, [ESP+0xc]; PUSH EDI; MOV EDI, [ESI+0x60]; CMP EAX, [0x85b5f730]; JNZ 0x1f; MOV [ESP+0xc], ECX; } 1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8633AAB8] 3 CLASSPNP[0xF7590FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000077[0x86384F18] 5 ACPI[0xF7407620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8638F940] \Driver\atapi[0x85BC7BE0] -> IRP_MJ_CREATE -> 0x85B584C0 error: Read A device attached to the system is not functioning. kernel: MBR read successfully _asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5c; } detected disk devices: detected hooks: \Driver\atapi DriverStartIo -> 0x85B582E0 user & kernel MBR OK Warning: possible TDL3 rootkit infection ! . ============= FINISH: 20:31:32.73 ===============
  24. Here is the result for acroff.dll

      Antivirus | Version | Last Update | Result
      AhnLab-V3 | 2010.10.07.00 | 2010.10.06 | -
      AntiVir | 7.10.12.142 | 2010.10.06 | -
      Antiy-AVL | 2.0.3.7 | 2010.10.07 | -
      Authentium | 5.2.0.5 | 2010.10.07 | -
      AVG | 9.0.0.851 | 2010.10.06 | -
      BitDefender | 7.2 | 2010.10.07 | -
      CAT-QuickHeal | 11.00 | 2010.10.05 | -
      Comodo | 6305 | 2010.10.06 | -
      DrWeb | 5.0.2.03300 | 2010.10.07 | -
      eSafe | 7.0.17.0 | 2010.10.06 | -
      eTrust-Vet | 36.1.7895 | 2010.10.06 | -
      F-Prot | 4.6.2.117 | 2010.10.06 | -
      F-Secure | 9.0.15370.0 | 2010.10.07 | -
      Fortinet | 4.2.249.0 | 2010.10.06 | -
      GData | 21 | 2010.10.07 | -
      Ikarus | T3.1.1.90.0 | 2010.10.07 | -
      Jiangmin | 13.0.900 | 2010.10.06 | -
      K7AntiVirus | 9.63.2689 | 2010.10.06 | -
      McAfee | 5.400.0.1158 | 2010.10.07 | -
      McAfee-GW-Edition | 2010.1C | 2010.10.07 | -
      Microsoft | 1.6201 | 2010.10.06 | -
      NOD32 | 5510 | 2010.10.06 | -
      Norman | 6.06.07 | 2010.10.06 | -
      nProtect | 2010-10-06.02 | 2010.10.06 | -
      Panda | 10.0.2.7 | 2010.10.06 | -
      PCTools | 7.0.3.5 | 2010.10.02 | -
      Prevx | 3.0 | 2010.10.07 | -
      Rising | 22.67.02.07 | 2010.09.30 | -
      Sophos | 4.58.0 | 2010.10.07 | -
      Sunbelt | 7003 | 2010.10.07 | -
      SUPERAntiSpyware | 4.40.0.1006 | 2010.10.07 | -
      Symantec | 20101.2.0.161 | 2010.10.06 | -
      TheHacker | 6.7.0.1.050 | 2010.10.06 | -
      TrendMicro | 9.120.0.1004 | 2010.10.07 | -
      TrendMicro-HouseCall | 9.120.0.1004 | 2010.10.07 | -
      VBA32 | 3.12.14.1 | 2010.10.06 | -
      ViRobot | 2010.10.4.4074 | 2010.10.07 | -
      VirusBuster | 12.67.6.0 | 2010.10.06 | -

      Additional information
      MD5 : 0dc983faaf61c8890ea58f43017cf7fb
      SHA1 : 51d3352769b8b28c33ec1159fd16300d558adcfb
      SHA256: e7acd6c79d36ea8ba8e2031bc10514c822fef11fc4f38bcdc7c155fdc87380d4

      Here is the result for srvblck2.tmp

      Antivirus | Version | Last Update | Result
      AhnLab-V3 | 2010.10.07.00 | 2010.10.06 | -
      AntiVir | 7.10.12.142 | 2010.10.06 | -
      Antiy-AVL | 2.0.3.7 | 2010.10.07 | -
      Authentium | 5.2.0.5 | 2010.10.07 | -
      Avast | 4.8.1351.0 | 2010.10.07 | -
      Avast5 | 5.0.594.0 | 2010.10.07 | -
      AVG | 9.0.0.851 | 2010.10.06 | -
      BitDefender | 7.2 | 2010.10.07 | -
      CAT-QuickHeal | 11.00 | 2010.10.05 | -
      ClamAV | 0.96.2.0-git | 2010.10.06 | -
      Comodo | 6305 | 2010.10.06 | -
      DrWeb | 5.0.2.03300 | 2010.10.07 | -
      Emsisoft | 5.0.0.50 | 2010.10.07 | -
      eSafe | 7.0.17.0 | 2010.10.06 | -
      eTrust-Vet | 36.1.7895 | 2010.10.06 | -
      F-Prot | 4.6.2.117 | 2010.10.06 | -
      F-Secure | 9.0.15370.0 | 2010.10.07 | -
      Fortinet | 4.2.249.0 | 2010.10.06 | -
      GData | 21 | 2010.10.07 | -
      Ikarus | T3.1.1.90.0 | 2010.10.07 | -
      Jiangmin | 13.0.900 | 2010.10.06 | -
      K7AntiVirus | 9.63.2689 | 2010.10.06 | -
      Kaspersky | 7.0.0.125 | 2010.10.07 | -
      McAfee | 5.400.0.1158 | 2010.10.07 | -
      McAfee-GW-Edition | 2010.1C | 2010.10.07 | -
      Microsoft | 1.6201 | 2010.10.06 | -
      NOD32 | 5510 | 2010.10.06 | -
      Norman | 6.06.07 | 2010.10.06 | -
      nProtect | 2010-10-06.02 | 2010.10.06 | -
      Panda | 10.0.2.7 | 2010.10.06 | -
      PCTools | 7.0.3.5 | 2010.10.02 | -
      Prevx | 3.0 | 2010.10.07 | -
      Rising | 22.67.02.07 | 2010.09.30 | -
      Sophos | 4.58.0 | 2010.10.07 | -
      Sunbelt | 7003 | 2010.10.07 | -
      SUPERAntiSpyware | 4.40.0.1006 | 2010.10.07 | -
      Symantec | 20101.2.0.161 | 2010.10.06 | -
      TheHacker | 6.7.0.1.050 | 2010.10.06 | -
      TrendMicro | 9.120.0.1004 | 2010.10.07 | -
      TrendMicro-HouseCall | 9.120.0.1004 | 2010.10.07 | -
      VBA32 | 3.12.14.1 | 2010.10.06 | -
      ViRobot | 2010.10.4.4074 | 2010.10.07 | -
      VirusBuster | 12.67.6.0 | 2010.10.06 | -

      Additional information
      MD5 : 71e67b258fee325462f31410688385bb
      SHA1 : 14789121e2beb5ede1e8c9dc54c75eece86e278d
      SHA256: 86df9c2234d1403e66fef7d7b12e7a2f046dc86a0dce3ec6699972fe24a8a876

      Attached is the ESET log.

      One other thing... I noticed two files c:\pagefile.sys and c:\hyberfil.sys. These two files are 1.4 GB and 940MB, respectively. I have never noticed them before - but their large size caught my eye. Are they supposed to be there, and that big?

      log.txt
  25. We seem to be doing better. I've had my web browser open for a half an hour and haven't had any unwanted pop-ups so far. Firefox is still crashing when I try to upload my ComboFix log. =( Thanks, JF DDS (Ver_10-03-17.01) - NTFSx86 Run by Compaq_Administrator at 19:47:49.76 on Mon 10/04/2010 Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_12 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.426 [GMT -7:00] AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\WINDOWS\arservice.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\WINDOWS\system32\bgsvcgen.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program 
Files\Raxco\PerfectDisk\PDAgent.exe C:\WINDOWS\system32\IoctlSvc.exe svchost.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Raxco\PerfectDisk\PDEngine.exe C:\WINDOWS\system32\dllhost.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe c:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\Compaq_Administrator\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://espn.go.com/ uInternet Settings,ProxyOverride = <local> uInternet Settings,ProxyServer = http=127.0.0.1:6522 TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run mRun: [Reminder] "c:\windows\creator\Remind_XP.exe" mRun: [AdobeVersionCue] c:\program files\adobe\adobe version cue\controlpanel\VersionCueTray.exe mRun: [KBD] c:\hp\kbd\KBD.EXE mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe" mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [Nike+ Connect] "c:\program files\nike\nike+ connect\Nike+ Connect daemon.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: 
[iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\adobe acrobat 6.0\distillr\acrotray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE uPolicies-explorer: AntiVirusDisableNotify = 2089930448 (0x7c91ced0) uPolicies-explorer: UpdatesDisableNotify = 2089930448 (0x7c91ced0) uPolicies-explorer: FirewallDisableNotify = 2089930448 (0x7c91ced0) IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} - hxxp://zone.msn.com/bingame/pacz/default/pandaonline.cab DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - hxxp://sympatico.zone.msn.com/bingame/rock/default/popcaploader1.cab DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - 
hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - hxxp://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/gold/UnSkin/gf.cab DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} - hxxp://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.87.cab Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - 
c:\internet\eudora\EuShlExt.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\w95kl63c.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://espn.go.com/ FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101055100&s= FF - prefs.js: network.proxy.type - 0 FF - component: c:\windows\system32\5005\components\AcroFF.dll FF - plugin: c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\w95kl63c.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll FF - plugin: c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\w95kl63c.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: browser.search.selectedEngine - Google FF - user.js: browser.search.order.1 - Google FF - user.js: keyword.URL - hxxp://search.search-go.net/?sid=10101055100&s=c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - 
pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); 
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program 
files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-9-27 11608] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-2-29 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 67656] R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\VCdRom.sys [2010-7-5 8576] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-9-27 135336] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-9-27 267432] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-9-27 60936] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-2-16 20952] S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-2-16 304464] S3 MEISTRM;MEI AVC Streaming Filter 
Driver;c:\windows\system32\drivers\meistrm.sys [2003-11-11 13195] S3 MEITUNER;FireBus MPEG2TS Tuner Subunit Device;c:\windows\system32\drivers\meistb.sys [2003-11-11 22891] S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 12872] =============== Created Last 30 ================ 2010-10-03 01:09:11 0 d-----w- c:\program files\ESET 2010-09-30 01:54:18 0 d-----w- c:\docume~1\compaq~1\applic~1\Avira 2010-09-30 01:43:32 0 d-----w- c:\windows\system32\NtmsData 2010-09-29 13:47:10 0 d-sha-r- C:\cmdcons 2010-09-29 13:26:51 77312 ----a-w- c:\windows\MBR.exe 2010-09-29 13:26:51 256512 ----a-w- c:\windows\PEV.exe 2010-09-28 02:57:00 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-09-28 02:57:00 0 d-----w- c:\program files\Avira 2010-09-28 02:57:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira 2010-09-26 00:38:41 0 d-----w- c:\windows\system32\xmldm 2010-09-25 01:08:38 0 ----a-w- c:\windows\system32\w95kl63c.default.tmp 2010-09-25 01:00:46 41984 ----a-w- c:\windows\system32\w95kl63c.default.dat 2010-09-24 13:29:39 0 d-----w- c:\windows\system32\5005 2010-09-24 13:29:30 112 ----a-w- c:\windows\system32\srvblck2.tmp 2010-09-24 13:29:15 0 d-----w- c:\windows\system32\cock ==================== Find3M ==================== 2010-09-05 04:43:12 68600 ----a-w- c:\docume~1\compaq~1\applic~1\GDIPFONTCACHEV1.DAT 2010-08-28 03:27:21 135184 ----a-w- c:\windows\system32\drivers\DefragFs.sys 2010-08-28 03:26:54 237320 ----a-w- c:\windows\system32\PDBoot.exe 2010-07-14 22:40:39 54236 ---ha-w- c:\windows\system32\mlfcache.dat 2010-07-11 16:22:49 160275 ----a-w- c:\windows\Sqirlz Morph Uninstaller.exe 2008-12-09 15:23:13 47616 --sh--r- c:\windows\system32\appconf32.exe 2009-01-11 21:55:00 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011120090112\index.dat ============= FINISH: 19:48:03.82 =============== combofix_log2.txt Attach4.zip