juliofelipe
-
Posts
31 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by juliofelipe
-
-
Nope - I think we're all good. Thanks so much for all of your help.
JF
-
I think that might have fixed the pop-up issue. Here's the log from AdwCleaner.
# AdwCleaner v2.115 - Logfile created 04/01/2013 at 16:01:00
# Updated 17/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Compaq_Administrator - HADDY
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Compaq_Administrator\My Documents\Downloads\AdwCleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
File Deleted : C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\searchplugins\SearchResults.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0o53n88q.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0o53n88q.default\extensions\crossriderapp4493@crossrider.com
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0o53n88q.default\Searchqutoolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\FreeRIP
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Compaq_Administrator\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\crossriderapp4493@crossrider.com
Folder Deleted : C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\Searchqutoolbar
Folder Deleted : C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Coupon Companion
Folder Deleted : C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Coupon Companion
Folder Deleted : C:\Program Files\FreeRIP3
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Program Files\Yontoo Layers Runtime
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\SanctionedMedia
Key Deleted : HKCU\Software\searchqutoolbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox.1
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
***** [internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Mozilla Firefox v19.0.2 (en-US)
File : C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\prefs.js
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\user.js ... Deleted !
Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationThankYouPage", true);
Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationTime", 1359860807);
Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.searchUserConifrmation", false[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setHomepage", false);
Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setNewTab", false);
Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setSearch", false);
Deleted : user_pref("extensions.crossriderapp4493.4493.active", true);
Deleted : user_pref("extensions.crossriderapp4493.4493.addressbar", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.addressbarenhanced", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.backgroundjs", "\n\n//\n");
Deleted : user_pref("extensions.crossriderapp4493.4493.backgroundver", 38);
Deleted : user_pref("extensions.crossriderapp4493.4493.can_run_bg_code", true);
Deleted : user_pref("extensions.crossriderapp4493.4493.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1359860807");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_aoi.value", "1359860807");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_cf_ab_cap1.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_cf_ab_cap1.value", "%22lbcmmpmjjaockhkcoflj[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_cf_bu1.expiration", "Fri Feb 01 2030 00:00:[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_cf_bu1.value", "1361285542");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_country_code.expiration", "Wed Apr 03 2013 [...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_country_code.value", "%22US%22");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_crr.value", "1363927447");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_currenttime.value", "%221364833278%22");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_hotfix20111102645.value", "%221%22");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installtime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installtime.value", "%221359648339%22");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_parent_zoneid.value", "%2214019%22");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_pc_20120828.value", "1359907218489");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_product_id.value", "%221175%22");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_zoneid.value", "%22138709%22");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.dbtest.value", "1359907206812");
Deleted : user_pref("extensions.crossriderapp4493.4493.description", "Coupon Companion");
Deleted : user_pref("extensions.crossriderapp4493.4493.domain", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp4493.4493.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.group", 0);
Deleted : user_pref("extensions.crossriderapp4493.4493.homepage", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.iframe", false);
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.value", "85");
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.value", "0");
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_nextCheck.expiration", "Mon Apr 01[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_nextCheck.value", "true");
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_remote_resources.expiration", "Fri[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_remote_resources.value", "%7B%22re[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.SoftwareDetected.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.name", "Coupon Companion");
Deleted : user_pref("extensions.crossriderapp4493.4493.newtab", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.opensearch", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.name", "base");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.ver", 4);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.ver", 15);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.code", "var a=appAPI.db.getList([...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.name", "GPL Background (BG)");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.ver", 35);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.ver", 2);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.ver", 2);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.code", "if((typeof isBackground===\"u[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.ver", 5);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.ver", 3);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.name", "debug");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.ver", 3);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.name", "resources");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.ver", 3);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.code", "var CrossriderInitializerPlug[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.name", "initializer");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.ver", 2);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jq[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.name", "jquery_1_7_1");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.ver", 3);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.name", "resources_background");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.ver", 2);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPT[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.name", "appApiMessage");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.ver", 1);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.code", "if(appAPI.__should_activate_v[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.name", "appApiValidation");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.ver", 2);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.code", "if(typeof jQuery!==\"undefine[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.name", "CrossriderInfo");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.ver", 2);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_98.code", "(function(){var b=\"cr_\"+app[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_98.name", "omniCommands");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_98.ver", 1);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98,10000[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
Deleted : user_pref("extensions.crossriderapp4493.4493.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.pluginsversion", 61);
Deleted : user_pref("extensions.crossriderapp4493.4493.publisher", "215 Apps");
Deleted : user_pref("extensions.crossriderapp4493.4493.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp4493.4493.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp4493.4493.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.thankyou", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp4493.4493.ver", 85);
Deleted : user_pref("extensions.crossriderapp4493.adsOldValue", -1);
Deleted : user_pref("extensions.crossriderapp4493.apps", "4493");
Deleted : user_pref("extensions.crossriderapp4493.bic", "13c9e0e175f334feb9a4da8d4df06c2c");
Deleted : user_pref("extensions.crossriderapp4493.cid", 4493);
Deleted : user_pref("extensions.crossriderapp4493.firstrun", false);
Deleted : user_pref("extensions.crossriderapp4493.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp4493.installationdate", 1359861389);
Deleted : user_pref("extensions.crossriderapp4493.lastcheck", 22747169);
Deleted : user_pref("extensions.crossriderapp4493.lastcheckitem", 22747529);
Deleted : user_pref("extensions.crossriderapp4493.modetype", "production");
Deleted : user_pref("extensions.crossriderapp4493.reportInstall", true);
Deleted : user_pref("extensions.crossriderapp4493.statsDailyCounter", 52);
Deleted : user_pref("extensions.enabledAddons", "moveplayer%40movenetworks.com:1.0.0.071303000006,%7Ba0d7ccb3-[...]
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0o53n88q.default\prefs.js
Deleted : user_pref("extensions.crossriderapp4493.adsOldValue", -1);
-\\ Google Chrome v26.0.1410.43
File : C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[s1].txt - [25253 octets] - [01/04/2013 16:01:00]
########## EOF - C:\AdwCleaner[s1].txt - [25314 octets] ##########
-
Yay! I can see my photo and video files When I plugged the camera back in, the files were visible but were that light semi-transparent look - like when you are going to cut a file/folder before pasting it somewhere else. But when I ran the attrib command, the folders looked solid again. Thanks!
I updated java and adobe reader, so that is taken care of.
Below is the log from OTL.
One other thing I want to bring up. I'm starting to get pop-ups on my browser (firefox) and I've never had a problem with unwanted pop-ups. Now every so often I click a link and a blank pop-up page comes up, and the link I had clicked didn't go through. So, I have to close the pop-up window and then click the link again to get to the page I wanted. When I clicked the link to download the adobe reader update, I got this pop-up instead. Here is the address that appeared on that pop-up - http://serve.bannersdontwork.com/serve?size=800x600&referer=adobe.com&m=false.
Thanks!
JF
========== OTL ==========
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} folder moved successfully.
========== COMMANDS ==========
OTL by OldTimer - Version 3.2.69.0 log created on 04012013_112119
-
Part 2 - Here is the Extras output file.
OTL Extras logfile created on: 4/1/2013 8:52:41 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.94 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 74.49% Memory free
4.18 Gb Paging File | 3.04 Gb Available in Paging File | 72.75% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.37 Gb Total Space | 17.51 Gb Free Space | 9.81% Space Free | Partition Type: NTFS
Drive D: | 7.91 Gb Total Space | 0.56 Gb Free Space | 7.07% Space Free | Partition Type: FAT32
Drive F: | 69.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive N: | 29.87 Gb Total Space | 8.06 Gb Free Space | 26.98% Space Free | Partition Type: FAT32
Computer Name: HADDY | User Name: Compaq_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"54925:UDP" = 54925:UDP:*:Enabled:BrotherNetwork Scanner
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Disabled:Compaq Connections -- (Hewlett-Packard)
"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DSH -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\Brother\Brmfl10g\FAXRX.exe" = C:\Program Files\Brother\Brmfl10g\FAXRX.exe:*:Enabled:FAXRX.EXE -- (Brother Industries, Ltd.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}" = Adobe Audition 2.0
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}" = Brother MFL-Pro Suite MFC-J6510DW
"{17D1D0AC-CB9C-4273-A827-2D242460C6B5}" = FlipAlbum 5.0 Pro
"{190BF7E6-59C5-45E2-B9CE-E8E7245A5B4D}" = TMPGEnc Plus 2.5
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.5
"{1A995D22-F711-4199-83D4-579B593A46C5}" = TMPGEnc DVD Author 1.6
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java 6 Update 34
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2A780209-2A41-4C75-932A-F6F0390D430A}" = Adobe Photoshop CS2 Functional Content
"{2ECE7ECE-D15B-4999-8B8D-01C998F489D5}" = Adobe Encore DVD 2.0
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3C5F1B30-B10B-4579-86DD-D00F662E1033}" = Nero 8
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4545A088-CCEF-43C2-8840-B34B04594FA6}" = USB CDC Device Driver
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 1.0
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9B1B84-FEC0-46D5-BDB9-832565779422}" = CheckIt Diagnostics
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.091
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57922B53-02D4-4DFC-AC24-A3519DC1F49A}" = Adobe Premiere Pro FC
"{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
"{619B8475-0F48-41B7-A370-5147F7092989}" = Virtual Earth 3D (Beta)
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12
"{6C91041E-406E-C082-0D03-75D4BC9C6CB0}" = Picaboo X
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6EC0A77B-AFAF-4B9A-A2AF-412589CF5FF6}" = Eudora
"{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}" = PaperPort Image Printer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87FF0E39-8490-4EB4-A557-FF12F712EF7E}" = TurboTax 2010 wcaiper
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981405}" = SaveVid Plug-in
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{998AD896-5B25-466D-8D56-CC0CC9228A68}" = Adobe Audition 2.0 Loopology Content
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAB061B3-99A6-4EE5-93F4-6EB1F60295C4}" = Adobe Production Studio
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B74D4E10-0000-0000-0000-EDED00000102}" = Adobe ExtendScript Toolkit 1.0
"{B7607FC8-72AD-486D-B6B7-A402D5876309}" = PerfectDisk 11 Professional
"{B9242864-2841-4ADE-86E0-8F90F91B04DD}" = Logitech Gaming Software
"{B9273566-6E0A-4A87-AABB-08A0733ECE8E}" = MEET MANAGER 2.0 for Track & Field
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4186C0D-FB9F-5D83-21FB-A737A13EFAE6}" = AMD Catalyst Install Manager
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Seagate DiscWizard
"{C89269D9-DD02-45DD-99DD-6AE592F6C447}" = TurboTax 2011 wcaiper
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2095DFD-9022-4995-9A7A-CC9212837D29}" = calibre
"{D52ECEBC-9B20-41A5-81C4-A62DE2367419}" = Adobe Creative Suite
"{D7D38949-8251-4F07-BC2C-AA767308010B}" = TMPGEnc Authoring Works 4
"{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1" = HP Support Overview
"{DA15D535-5E1D-4076-B520-8571346D6238}" = Norton Security Scan
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DD362256-A7A2-4524-9457-213DDC2AFC2A}" = Adobe After Effects 7.0
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E722A962-E87D-CB6B-EB1E-27AD13D0F577}" = AMD Parental Control & Encoder
"{E7300AF3-DD5B-4E86-A291-7631BE0C62C7}" = Giganews Accelerator
"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EC1963C6-8EA9-40DF-8CD7-F63E174FCAEC}" = Adobe After Effects 7.0 Functional Content
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{EFD2807A-C66B-4C13-8FB8-42FCA6DEF171}" = TurboTax 2012 wcaiper
"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
"{F0E8F94D-6E68-4B35-92DF-3AA6DC6A6768}" = Safari
"{F5F5ABB8-87EA-47A7-8CC6-E68AFC2D3BC0}" = TMPGEnc Sound Player
"{F6F6C08A-ED6F-4968-8292-A08E9F02584F}" = Adobe Encore DVD FC
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{F97B750E-554D-4194-BF3F-41EA91389E10}" = ArcSoft TotalMedia Extreme
"{FA17A726-B229-4116-B793-A2AB1A4EAE2E}" = Adobe Premiere Pro 2.0
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FC5495CB-CDA5-4DCE-99DF-D1567DAF5A86}" = TMPGEnc 4.0 XPress
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"045C89A0-CA37-443C-8826-F750227DE69C" = Shooting Stars Pool from Compaq (remove only)
"05E21449-3BA3-42BF-BBDA-95205F4EA40A" = Polar Bowler from Compaq (remove only)
"0BD36D37-C5D7-4B96-B64A-CB2C3A82EC4D" = Zuma Deluxe from Compaq (remove only)
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"29FF6D07-4A15-41F1-9D5E-E0F3A58012C6" = Bounce Symphony from Compaq (remove only)
"3330A279-CC39-4A17-AE19-DA464B26AD9A" = Polar Golfer from Compaq (remove only)
"3B3B73D1-DC4A-4780-B0E4-E823D08B3397" = 5 Card Slingo from Compaq (remove only)
"422C7575-C10D-4795-87FA-9972765379E6" = Mah Jong Quest from Compaq (remove only)
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"52AEBC18-F252-4B0C-B3E1-724537D9F873" = Ricochet Lost Worlds from Compaq (remove only)
"53474592-01BC-4338-8647-FE350957D912" = Barnyard Invasion from Compaq (remove only)
"5AF1DD17-7B06-45EF-8592-2E524E458BAB" = Insaniquarium Deluxe from Compaq (remove only)
"63E4EC24-7173-4E1F-9C77-B4403CBCF91F" = Lemonade Tycoon 2 from Compaq (remove only)
"66195170-D19D-46C5-8FB7-8A4630071ADC" = Tradewinds from Compaq (remove only)
"75528D5F-DD82-402E-BA7C-045B7DC6A712" = Blasterball 2 from Compaq (remove only)
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2007
"85CF9BF3-1057-468C-962D-31BAABC6AC72" = FATE from Compaq (remove only)
"8D11F98B-4931-44F6-8FC6-971CCBBBB131" = Snowboard SuperJam from Compaq (remove only)
"9448DE42-C017-4A3E-A0BB-C50BF673E9E0" = Chuzzle Deluxe from Compaq (remove only)
"997DD523-B925-4C73-970B-C201E8F781AD" = AstroPop Deluxe from Compaq (remove only)
"9D7E7CDA-051E-4B0D-8CEE-58F41F449CF9" = Blasterball 2 Remix from Compaq (remove only)
"AC3ACM" = AC-3 ACM Codec
"Adobe AIR" = Adobe AIR
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"Allok 3GP PSP MP4 iPod Video Converter_is1" = Allok 3GP PSP MP4 iPod Video Converter 4.1.0422
"Allok Video Joiner_is1" = Allok Video Joiner 3.3.1116
"ATI Display Driver" = ATI Display Driver
"AutoGK" = Auto Gordian Knot 2.40
"AVI Joiner_is1" = AVI Joiner
"AVI Splitter_is1" = AVI Splitter
"Avi2Dvd" = Avi2Dvd 0.4.4 beta
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"AwayMode160" = Microsoft Away Mode
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BBCBAA5D-AC5A-4098-A53E-EC60A68F38F9" = Shrek 2 Ogre Bowler from Compaq (remove only)
"BBE9E0F3-11F7-4424-9905-8E0153E872C1" = Family Feud
"BFAF1EEC-E987-415B-BCB8-80CDB0BC6CDF" = Blackhawk Striker 2 from Compaq (remove only)
"C43D84CD-EBFC-48D3-A330-7868C8AD415A" = Crystal Maze from Compaq (remove only)
"C6D35CCA-3F9E-4B6E-A17F-409EE7379D6B" = Boggle Supreme from Compaq (remove only)
"CalorieKing Nutrition and Exercise Manager" = CalorieKing Nutrition and Exercise Manager (remove only)
"CalorieKing.com Diet Diary for PalmOS" = CalorieKing.com Diet Diary for PalmOS
"CCleaner" = CCleaner (remove only)
"com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1" = Picaboo X
"Coupon Companion" = Coupon Companion
"D84AC71A-75E8-4709-8BA5-4B46EAC00C5E" = Bejeweled 2 Deluxe from Compaq (remove only)
"DE87FA96-7840-420C-86F9-33F3B7B3CED1" = Super Granny from Compaq (remove only)
"DISCover" = DISCover
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8_is1" = DVDFab 8.0.2.2 (01/10/2010)
"DVDx_is1" = DVDx
"E1A0F769-A43A-4DDB-9F73-12791E453557" = Puzzle Express from Compaq (remove only)
"E618FC78-EE4F-4243-8409-078EB5E0B1F6" = Bookworm Deluxe from Compaq (remove only)
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"EsetOnlineScanner" = ESET Online Scanner
"exPressit S.E. 2.2" = exPressit S.E. 2.2
"F05A08BF-E600-4FBD-A53A-3D47296B1275" = Lexibox Deluxe from Compaq (remove only)
"F19E8CDF-5EFD-45E0-9FAF-66CBAE84B1D9" = Slingo Deluxe from Compaq (remove only)
"FA6A73EB-40AB-4B58-851D-3892B3C10EF6" = SCRABBLE from Compaq (remove only)
"FileHippo.com" = FileHippo.com Update Checker
"FLVPlayer" = FLV Player 1.3.3
"Forte Agent" = Forté Agent
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.95
"Free WMA MP3 Converter" = Free WMA MP3 Converter
"Google Chrome" = Google Chrome
"GSpot" = GSpot Codec Information Appliance
"HaaliMkx" = Haali Media Splitter
"HP Game Console" = HP Game Console and games
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Rhapsody" = HP Rhapsody
"HPOOVClient-5577497 Uninstaller" = Compaq Connections (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InFlac" = InFlac 1.1.1
"InstallShield_{190BF7E6-59C5-45E2-B9CE-E8E7245A5B4D}" = TMPGEnc Plus 2.5
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{4545A088-CCEF-43C2-8840-B34B04594FA6}" = USB CDC Device Driver
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"IsoBuster_is1" = IsoBuster 2.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Matroska Pack" = Matroska Pack
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Netscape Browser" = Netscape Browser (remove only)
"NetSight" = Nielsen
"Nike+ Connect" = Nike+ Connect
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Open Video Joiner_is1" = Open Video Joiner version 3.1
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.9
"PG-1-278" = MultiLane version 1.0
"Photo Viewer_is1" = Photo Viewer 2.4
"Photo2DVD Studio_is1" = Photo2DVD Studio Build 4.8.0.1
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 12.0" = RealPlayer
"SaveVid Plug-in" = SaveVid Plug-in
"SPSS for Windows 11.5" = SPSS 11.5 for Windows
"Sqirlz Morph" = Sqirlz Morph
"SubtitleCreator" = SubtitleCreator
"SugarSync" = SugarSync Manager
"TuneUpMedia" = TuneUp Companion 2.4.6.4
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"TurboTax 2011" = TurboTax 2011
"TurboTax 2012" = TurboTax 2012
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"TurboTax Premier 2007" = TurboTax Premier 2007
"Tweak UI 2.10" = Tweak UI
"Video Cleaner" = River Past Video Cleaner
"VLC media player" = VLC media player 2.0.1
"VobSub" = VobSub v2.23 (Remove Only)
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"WinAVIVideoConverter_is1" = WinAVIVideoConverter
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinMorph_is1" = WinMorph™ 3.01
"WinRAR archiver" = WinRAR 4.11 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"XviD_is1" = XviD 1.1 final uninstall
"XviD4PSP5_is1" = XviD4PSP 5.10.271.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 3/24/2013 7:07:05 PM | Computer Name = HADDY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/03/24 16:07:05.752]: [00003808]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.172]
Error - 3/24/2013 7:08:14 PM | Computer Name = HADDY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/03/24 16:08:14.752]: [00003808]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.172]
Error - 3/31/2013 11:37:26 PM | Computer Name = HADDY | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2013/03/31 20:37:26.828]: [00002164]: ##### Fatal ERROR!!
Create STI-device failed! #####
Error - 3/31/2013 11:37:26 PM | Computer Name = HADDY | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2013/03/31 20:37:26.828]: [00002164]: Initialize TwdsMain
Class failed!
Error - 3/31/2013 11:38:12 PM | Computer Name = HADDY | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2013/03/31 20:38:12.000]: [00002164]: ##### Fatal ERROR!!
Create STI-device failed! #####
Error - 3/31/2013 11:38:12 PM | Computer Name = HADDY | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2013/03/31 20:38:12.000]: [00002164]: Initialize TwdsMain
Class failed!
Error - 3/31/2013 11:39:47 PM | Computer Name = HADDY | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2013/03/31 20:39:47.843]: [00002164]: ##### Fatal ERROR!!
Create STI-device failed! #####
Error - 3/31/2013 11:39:47 PM | Computer Name = HADDY | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2013/03/31 20:39:47.843]: [00002164]: Initialize TwdsMain
Class failed!
Error - 4/1/2013 11:27:17 AM | Computer Name = HADDY | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 19.0.2.4814, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 4/1/2013 11:27:50 AM | Computer Name = HADDY | Source = Application Hang | ID = 1002
Description = Hanging application Compaq Connections.exe, version 6.3.2.116, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 3/29/2013 6:46:53 AM | Computer Name = HADDY | Source = Workstation | ID = 5727
Description = Could not load RDR device driver.
Error - 3/29/2013 6:46:53 AM | Computer Name = HADDY | Source = Service Control Manager | ID = 7024
Description = The Workstation service terminated with service-specific error 2250
(0x8CA).
Error - 3/29/2013 6:46:53 AM | Computer Name = HADDY | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1066
Error - 3/29/2013 6:46:53 AM | Computer Name = HADDY | Source = Service Control Manager | ID = 7024
Description = The Workstation service terminated with service-specific error 2250
(0x8CA).
Error - 3/29/2013 6:46:53 AM | Computer Name = HADDY | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1066
Error - 3/29/2013 6:47:33 AM | Computer Name = HADDY | Source = Workstation | ID = 5727
Description = Could not load RDR device driver.
Error - 3/29/2013 6:47:33 AM | Computer Name = HADDY | Source = Service Control Manager | ID = 7024
Description = The Workstation service terminated with service-specific error 2250
(0x8CA).
Error - 3/29/2013 6:47:33 AM | Computer Name = HADDY | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1066
Error - 3/30/2013 3:52:35 PM | Computer Name = HADDY | Source = Workstation | ID = 5727
Description = Could not load RDR device driver.
Error - 3/31/2013 4:01:17 AM | Computer Name = HADDY | Source = Workstation | ID = 5727
Description = Could not load RDR device driver.
< End of report >
-
I ran unhide and the output said it found 455 files, but I'm still not seeing them on Windows Explorer?
Here are all of the output files. First Unhide, then OTL, then Extras.
Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/forums/topic405109.html
Program started at: 04/01/2013 08:34:23 AM
Windows Version: Windows XP
Please be patient while your files are made visible again.
Processing the C:\ drive
Finished processing the C:\ drive. 379046 files processed.
Processing the D:\ drive
Finished processing the D:\ drive. 16338 files processed.
Processing the G:\ drive
Finished processing the G:\ drive. 0 files processed.
Processing the H:\ drive
Finished processing the H:\ drive. 0 files processed.
Processing the I:\ drive
Finished processing the I:\ drive. 0 files processed.
Processing the J:\ drive
Finished processing the J:\ drive. 0 files processed.
Processing the N:\ drive
Finished processing the N:\ drive. 455 files processed.
The C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html
Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.
Program finished at: 04/01/2013 08:49:41 AM
Execution time: 0 hours(s), 15 minute(s), and 18 seconds(s)
OTL logfile created on: 4/1/2013 8:52:41 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.94 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 74.49% Memory free
4.18 Gb Paging File | 3.04 Gb Available in Paging File | 72.75% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.37 Gb Total Space | 17.51 Gb Free Space | 9.81% Space Free | Partition Type: NTFS
Drive D: | 7.91 Gb Total Space | 0.56 Gb Free Space | 7.07% Space Free | Partition Type: FAT32
Drive F: | 69.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive N: | 29.87 Gb Total Space | 8.06 Gb Free Space | 26.98% Space Free | Partition Type: FAT32
Computer Name: HADDY | User Name: Compaq_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/03/29 23:10:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
PRC - [2013/01/24 01:06:40 | 011,184,480 | ---- | M] (SugarSync, Inc.) -- C:\Program Files\SugarSync\SugarSyncManager.exe
PRC - [2012/10/29 10:41:28 | 002,833,448 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
PRC - [2012/09/28 20:45:33 | 004,780,928 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/09/07 20:25:37 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/09/06 21:11:30 | 001,327,104 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCcUxSys.exe
PRC - [2012/09/06 21:06:14 | 000,393,216 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCtrlCntr.exe
PRC - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/05/19 17:14:19 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2012/02/24 05:49:52 | 000,093,504 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
PRC - [2011/06/28 09:48:38 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/27 11:04:06 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/15 15:18:04 | 000,066,824 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
PRC - [2011/03/15 15:18:00 | 001,570,056 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
PRC - [2011/03/15 15:17:46 | 001,475,848 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
PRC - [2010/12/19 11:16:51 | 000,139,264 | ---- | M] (SOURCENEXT) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2010/11/03 03:26:02 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/10/01 08:26:58 | 000,299,008 | ---- | M] (Nike) -- C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
PRC - [2010/08/25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/08/09 05:47:54 | 000,248,832 | ---- | M] (FileHippo.com) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
PRC - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\nero\Update\NASvc.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/09 00:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\pptd40nt.exe
PRC - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/03/05 20:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/10/16 18:42:54 | 000,904,840 | ---- | M] (Acronis) -- C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
PRC - [2009/10/16 18:39:32 | 000,136,544 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2009/10/16 18:39:28 | 000,431,456 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
PRC - [2009/10/16 18:37:22 | 001,325,936 | ---- | M] (Seagate) -- C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
PRC - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/18 09:49:40 | 000,757,760 | ---- | M] (Giganews, Inc.) -- C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
PRC - [2005/11/11 14:11:12 | 000,237,568 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscGui.exe
PRC - [2005/11/11 14:11:04 | 001,064,960 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe
PRC - [2005/11/11 14:10:00 | 000,061,440 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdateMgr.exe
PRC - [2005/11/11 14:10:00 | 000,049,152 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe
PRC - [2005/11/01 03:01:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
PRC - [2005/08/02 17:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/02 17:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2003/05/15 01:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
========== Modules (No Company Name) ==========
MOD - [2013/03/30 13:04:21 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2013/03/30 13:04:20 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2013/02/14 04:12:07 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\024c898ad1ccfde466d033c0a08d0564\Microsoft.VisualBasic.ni.dll
MOD - [2013/02/14 04:11:08 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll
MOD - [2013/02/14 04:10:53 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll
MOD - [2013/02/14 04:07:24 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll
MOD - [2013/02/14 04:04:05 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2013/02/14 04:04:04 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/02/14 04:04:02 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2013/02/14 04:04:00 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2013/02/14 04:04:00 | 000,630,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2013/02/14 04:03:59 | 003,194,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2013/02/14 04:03:45 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2013/02/14 04:03:42 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013/02/14 04:03:41 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2013/02/14 04:03:35 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2013/01/09 04:19:22 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 04:19:15 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll
MOD - [2013/01/09 04:16:52 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013/01/09 04:16:34 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013/01/09 04:15:12 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/01/09 04:15:04 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2013/01/09 04:05:00 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_1e116300\mscorlib.dll
MOD - [2013/01/09 04:04:57 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_6ea43965\system.drawing.dll
MOD - [2013/01/09 04:04:51 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_0203b7a4\system.xml.dll
MOD - [2013/01/09 04:04:47 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_f63600c2\system.windows.forms.dll
MOD - [2013/01/09 04:04:39 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_b7aa3e59\system.dll
MOD - [2013/01/09 04:04:30 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2013/01/09 04:04:29 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2013/01/09 04:04:28 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2013/01/09 04:04:26 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2013/01/01 23:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/10/29 10:39:36 | 000,502,784 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\nsmmc.dll
MOD - [2012/10/29 10:36:12 | 000,753,664 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\npfirefoxprocessor.dll
MOD - [2012/10/29 10:35:06 | 000,224,768 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\npwmi.dll
MOD - [2012/10/29 10:34:50 | 000,228,864 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\npsurvey.dll
MOD - [2012/10/29 10:34:42 | 000,150,528 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\npsp1.dll
MOD - [2012/10/29 10:34:32 | 000,503,808 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\communication.dll
MOD - [2012/02/21 04:58:45 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d7fbfc6836ce7e53486ddb79b598ca8d\System.ServiceProcess.ni.dll
MOD - [2012/02/21 04:48:18 | 000,762,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\01e360ed3a3cb2b0a3c47c7f3eb09e58\System.Runtime.Remoting.ni.dll
MOD - [2012/02/21 04:48:11 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\47a2b7b2fa872de3078d49d0a4c10cb2\System.EnterpriseServices.ni.dll
MOD - [2012/02/21 04:48:07 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\c3a03bb69e38f5ed9ebce72d48a722ef\System.Transactions.ni.dll
MOD - [2012/02/21 04:41:12 | 013,137,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f28df9c2988724883cf19532d7f9f151\System.Windows.Forms.ni.dll
MOD - [2012/02/21 04:40:32 | 001,652,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\2ff57b810eb920860469184dd683cb8a\System.Drawing.ni.dll
MOD - [2012/02/21 04:39:08 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\97586cdb698c29ba95fd83e44a0c0ca6\System.Data.ni.dll
MOD - [2012/02/21 04:38:49 | 000,729,088 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\09ee8d91e80e00991226aec062aa1e92\System.Security.ni.dll
MOD - [2012/02/21 04:38:19 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll
MOD - [2012/02/21 04:38:10 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll
MOD - [2012/02/21 04:37:58 | 007,054,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll
MOD - [2012/02/21 04:37:45 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll
MOD - [2012/02/21 04:37:34 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
MOD - [2012/02/17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/12/17 08:48:18 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/12/17 08:48:18 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2011/01/20 21:53:20 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/01/20 21:53:20 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/01/20 21:53:18 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/01/20 21:53:18 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/01/20 21:53:18 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/01/20 21:53:18 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/01/20 21:53:18 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2011/01/20 21:53:17 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/01/20 21:53:17 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/01/20 21:53:17 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/01/20 21:53:17 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2010/06/13 12:01:28 | 000,410,432 | ---- | M] () -- C:\Program Files\Perfect Uninstaller\Contextmenu.dll
MOD - [2010/01/28 13:57:58 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010/01/27 22:16:47 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/01/27 22:16:47 | 000,403,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2010/01/27 22:16:46 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2010/01/27 22:16:45 | 000,046,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2010/01/27 22:16:44 | 000,419,616 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2010/01/27 22:16:44 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2010/01/27 22:16:43 | 000,270,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2010/01/27 22:16:42 | 000,121,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2010/01/27 22:16:42 | 000,120,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2010/01/27 22:16:42 | 000,070,432 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2009/10/16 17:59:30 | 001,328,480 | ---- | M] () -- C:\Program Files\Seagate\DiscWizard\fox.dll
MOD - [2009/03/07 11:36:53 | 000,047,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2009/03/07 11:36:53 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2009/03/07 11:36:52 | 000,402,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2009/03/07 11:36:52 | 000,130,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2009/03/07 11:36:52 | 000,120,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2009/03/07 11:36:52 | 000,072,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2009/02/28 11:30:08 | 001,058,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2009/02/28 11:30:07 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2009/02/28 11:30:05 | 000,238,368 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2009/02/28 11:20:54 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
MOD - [2009/02/28 11:20:53 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2009/02/28 11:20:50 | 000,458,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll
MOD - [2009/02/28 11:20:50 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll
MOD - [2009/02/28 11:20:50 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll
MOD - [2009/02/28 11:20:49 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 17:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/03/09 19:50:36 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2006/03/09 19:50:34 | 000,299,008 | ---- | M] () -- c:\windows\assembly\gac\microsoft.visualbasic\7.0.5000.0__b03f5f7f11d50a3a\microsoft.visualbasic.dll
MOD - [2006/03/09 19:50:33 | 000,573,440 | ---- | M] () -- c:\windows\assembly\gac\system.web.services\1.0.5000.0__b03f5f7f11d50a3a\system.web.services.dll
========== Services (SafeList) ==========
SRV - [2013/03/12 13:33:14 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/07 20:29:07 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/29 10:41:28 | 002,833,448 | ---- | M] (The Nielsen Company) [Auto | Running] -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe -- (NielsenUpdate)
SRV - [2012/09/07 20:25:37 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/06/05 15:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2011/06/28 09:48:38 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 11:04:06 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/15 15:18:00 | 001,570,056 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV - [2011/03/15 15:17:46 | 001,475,848 | ---- | M] (Raxco Software, Inc.) [On_Demand | Running] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
SRV - [2010/12/19 11:16:51 | 000,139,264 | ---- | M] (SOURCENEXT) [Auto | Running] -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/07/05 10:05:17 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2009/10/16 18:39:28 | 000,431,456 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005/08/02 17:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2003/10/13 16:24:14 | 000,061,440 | ---- | M] (Adobe Sytems) [On_Demand | Stopped] -- C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe -- (AdobeVersionCue)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\nielprt.sys -- (nielprt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nielgfx.sys -- (NielGfx)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\AVGIDSShim.Sys -- (AVGIDSShim)
DRV - [2012/10/01 21:00:24 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2012/10/01 21:00:24 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2012/10/01 21:00:20 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2012/10/01 21:00:15 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2012/03/20 17:23:38 | 000,010,368 | ---- | M] (The Nielsen Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\km_filter.sys -- (km_filter)
DRV - [2012/03/20 17:23:26 | 000,015,360 | ---- | M] (The Nielsen Company) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\nnrnstdi.sys -- (nnrnstdi)
DRV - [2011/10/08 20:25:40 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/10/08 20:25:40 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/06/28 09:48:40 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/28 09:48:40 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/12/19 11:16:52 | 000,038,944 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2010/09/07 03:37:14 | 000,104,024 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2010/08/27 20:27:21 | 000,135,184 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2010/07/05 07:42:24 | 000,008,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\VCdRom.sys -- (vcdrom)
DRV - [2010/04/01 11:40:36 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/11/03 03:06:12 | 000,071,424 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2009/11/03 03:06:12 | 000,011,520 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/11/06 14:22:00 | 000,036,224 | ---- | M] (ArcSoft Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ArcCD.sys -- (ArcCD)
DRV - [2007/09/17 19:28:58 | 000,010,240 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\softctrl.sys -- (softctrl)
DRV - [2007/05/03 14:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/04/25 09:55:02 | 000,134,912 | ---- | M] (ArcSoft Inc.) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\ArcUdfs.sys -- (ArcUdfs)
DRV - [2007/04/24 12:33:50 | 000,007,680 | ---- | M] (ArcSoft Inc.) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\ArcRec.sys -- (ArcRec)
DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/11/02 16:47:26 | 000,010,368 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2005/10/20 09:01:56 | 001,095,009 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/09/30 04:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/08/29 08:11:00 | 003,644,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2005/08/13 14:35:00 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/09 06:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/03 07:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/04/14 11:08:00 | 000,044,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/04/14 11:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2004/04/14 11:08:00 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2004/04/14 11:08:00 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2003/11/11 09:34:00 | 000,022,891 | ---- | M] (Matsushita Electric Industorial Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\meistb.sys -- (MEITUNER)
DRV - [2003/11/11 09:33:54 | 000,013,195 | ---- | M] (Matsushita Electric Industorial Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\meistrm.sys -- (MEISTRM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = BC 2F B8 14 0E 65 E6 4E A2 19 D1 9D 0C 50 61 2F [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://espn.go.com/"
FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0034-ABCDEFFEDCBA%7D:6.0.34
FF - prefs.js..extensions.enabledAddons: crossriderapp4493%40crossrider.com:0.91.83
FF - prefs.js..extensions.enabledAddons: netsight%40nielsen.com:2.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_34: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@nielsen/FirefoxTracker: C:\Program Files\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\npfirefoxtracker.dll (Nielsen)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\netsight@nielsen.com: C:\Program Files\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\netsight@nielsen.xpi [2013/03/31 09:15:12 | 000,008,039 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/07 20:29:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/07 20:28:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}: C:\WINDOWS\system32\5005 [2010/09/24 06:29:39 | 000,000,000 | ---D | M]
[2011/12/19 17:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions
[2013/03/30 12:55:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions
[2010/12/10 17:59:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/01/31 20:50:58 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/10/29 20:40:36 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2013/03/13 06:29:18 | 000,000,000 | ---D | M] ("Coupon Companion") -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\crossriderapp4493@crossrider.com
[2009/08/28 06:31:03 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\moveplayer@movenetworks.com
[2013/03/13 06:29:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\crossriderapp4493@crossrider.com\chrome\content\extensionCode
[2013/02/14 18:30:58 | 000,817,280 | ---- | M] () (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/12/19 17:52:21 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\searchplugins\SearchResults.xml
[2013/03/25 16:24:37 | 000,002,112 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\searchplugins\wot-safe-search.xml
[2013/03/07 20:28:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/07 20:28:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2012/08/16 06:39:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2013/03/31 09:15:12 | 000,008,039 | ---- | M] () (No name found) -- C:\PROGRAM FILES\NETRATINGSNETSIGHT\NETSIGHT\METER2\FIREFOXADDONS\NETSIGHT@NIELSEN.XPI
[2013/03/07 20:29:08 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/12/09 03:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/08/30 22:18:35 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/19 17:52:21 | 000,002,497 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2013/02/27 00:09:40 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: getPlusPlus for Adobe 16248 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 6 U34 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Nielsen FirefoxTracker Plug-in (Enabled) = C:\Program Files\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\npfirefoxtracker.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 6.0.340.4 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Nielsen = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jgceplfonlgodadnpognljgdjlcnpjnh\1.7.3_0\
CHR - Extension: FVD Video Downloader = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.0.1_0\
CHR - Extension: Coupon Companion = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm\1.21.47_0\crossrider
CHR - Extension: Coupon Companion = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm\1.21.47_0\
CHR - Extension: Gmail = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2013/03/28 14:44:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [brStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)
O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DISCUpdateMgr.exe (Digital Interactive Systems Corporation, Inc.)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [indexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
O4 - HKLM..\Run: [Nike+ Connect] C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [iSUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [sugarSync] C:\Program Files\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2011/12/15 07:58:35 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Giganews Accelerator.lnk = C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe (Giganews, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O8 - Extra context menu item: Save video on Savevid.com - C:\Program Files\Savevid\redirect.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} http://zone.msn.com/bingame/pacz/default/pandaonline.cab (Reg Error: Key error.)
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} http://sympatico.zone.msn.com/bingame/rock/default/popcaploader1.cab (Reg Error: Key error.)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/bingame/chnz/default/mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab (ZoneAxRcMgr Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab (ZoneIntro Class)
O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://zone.msn.com/bingame/gold/UnSkin/gf.cab (TikGames Online Control)
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab (SCEWebLauncherCtl Object)
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} http://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.87.cab (CPlayFirstDinerDashControl Object)
O16 - DPF: vzTCPConfig http://my.verizon.com/micro/speedoptimizer/hsi/vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68ABC49C-2AAA-455E-B332-0CE29F0E8C0C}: DhcpNameServer = 192.168.1.1 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\internet\eudora\EuShlExt.dll (Qualcomm Inc.)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/30 14:02:02 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009/12/31 17:00:24 | 000,000,085 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (pdboot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/03/31 21:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013/03/30 13:11:05 | 001,363,016 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Compaq_Administrator\Desktop\mbar.exe
[2013/03/30 13:11:05 | 000,748,616 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Compaq_Administrator\Desktop\fixdamage.exe
[2013/03/30 12:55:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/29 23:10:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2013/03/28 15:48:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\ControlCenter4
[2013/03/28 15:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Brother
[2013/03/28 15:38:22 | 000,000,000 | ---D | C] -- C:\Brother
[2013/03/28 15:38:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ControlCenter4
[2013/03/28 15:38:17 | 000,000,000 | ---D | C] -- C:\Program Files\Browny02
[2013/03/28 15:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\ControlCenter4
[2013/03/28 15:37:57 | 000,225,280 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrfxD05c.dll
[2013/03/28 15:36:39 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2L.dll
[2013/03/28 15:36:38 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2.dll
[2013/03/28 15:36:38 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2S.dll
[2013/03/28 15:36:38 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
[2013/03/28 15:13:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/03/28 14:13:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/03/28 14:13:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/03/28 14:13:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/03/28 14:13:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/03/28 14:13:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/28 14:10:12 | 005,044,813 | R--- | C] (Swearware) -- C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
[2013/03/27 11:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2013/03/22 13:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/03/21 21:46:45 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys
[2013/03/21 21:46:43 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2013/03/07 21:09:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2013/03/07 21:08:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/03/07 20:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/10/24 08:52:28 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Compaq_Administrator\Application Data\pcouffin.sys
========== Files - Modified Within 30 Days ==========
[2013/04/01 08:51:02 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_Compaq_Administrator.job
[2013/04/01 08:33:40 | 000,398,752 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Compaq_Administrator\Desktop\unhide.exe
[2013/04/01 08:32:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/31 14:52:04 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_Compaq_Administrator.job
[2013/03/30 13:12:20 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2013/03/30 13:01:36 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_Compaq_Administrator.job
[2013/03/30 13:01:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/30 13:01:11 | 3152,596,992 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/29 23:10:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2013/03/28 16:15:21 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/03/28 16:15:20 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/28 15:48:02 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/28 15:39:38 | 000,001,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Brother Creative Center.lnk
[2013/03/28 15:39:18 | 000,000,249 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini
[2013/03/28 15:39:18 | 000,000,065 | ---- | M] () -- C:\WINDOWS\brpcfx.ini
[2013/03/28 15:38:22 | 000,000,086 | ---- | M] () -- C:\WINDOWS\Brfaxrx.ini
[2013/03/28 14:44:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/03/28 14:10:23 | 005,044,813 | R--- | M] (Swearware) -- C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
[2013/03/28 11:21:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/03/27 11:59:11 | 027,407,622 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Drew Dudley Leading with Lollipops (480).mp4
[2013/03/27 11:58:31 | 104,376,597 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\TEDxToronto - Drew Dudley Leading with Lollipops.mp4
[2013/03/21 15:18:29 | 001,363,016 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\Compaq_Administrator\Desktop\mbar.exe
[2013/03/21 15:18:29 | 000,748,616 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\Compaq_Administrator\Desktop\fixdamage.exe
[2013/03/13 03:02:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/03/12 13:33:12 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/03/12 13:33:12 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/03/08 07:31:12 | 000,501,923 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Campus_Map.pdf
========== Files Created - No Company Name ==========
[2013/03/28 15:39:38 | 000,001,789 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Brother Creative Center.lnk
[2013/03/28 15:38:04 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2013/03/28 15:37:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2013/03/28 14:13:19 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/03/28 14:13:19 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/03/28 14:13:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/03/28 14:13:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/03/28 14:13:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/03/27 11:59:11 | 027,407,622 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Drew Dudley Leading with Lollipops (480).mp4
[2013/03/27 11:58:31 | 104,376,597 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\TEDxToronto - Drew Dudley Leading with Lollipops.mp4
[2013/03/20 14:38:01 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_Compaq_Administrator.job
[2013/03/20 14:38:00 | 000,000,466 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_Compaq_Administrator.job
[2013/03/20 14:38:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_Compaq_Administrator.job
[2013/03/08 07:31:12 | 000,501,923 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Campus_Map.pdf
[2012/04/02 12:36:49 | 000,002,944 | ---- | C] () -- C:\WINDOWS\BRPARAM.INI
[2012/04/02 11:27:05 | 001,527,650 | ---- | C] () -- C:\WINDOWS\System32\fftw3.dll
[2012/03/15 06:40:59 | 000,000,249 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2012/03/15 06:40:59 | 000,000,065 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2012/03/11 13:16:18 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2012/03/11 13:16:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2012/02/21 05:00:54 | 001,263,186 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2684078581-1939207485-826778432-1008-0.dat
[2012/02/21 05:00:39 | 000,273,746 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/20 10:15:43 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/15 08:28:12 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/07/29 08:29:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\defogger_reenable
[2010/10/24 08:52:29 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\pcouffin.cat
[2010/10/24 08:52:28 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\pcouffin.inf
[2008/10/09 11:04:27 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\default.pls
[2008/10/05 17:01:04 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\.rnd
[2007/01/27 17:32:35 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\AutoGK.ini
[2006/06/12 08:00:42 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/11 08:13:54 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\fusioncache.dat
========== ZeroAccess Check ==========
[2010/12/09 08:15:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L
[2010/12/09 08:15:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U
[2005/08/30 13:58:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
-
Part 5 - the last piece of the system log. Wow that is a long file...
Read File: File "c:\WINDOWS\Downloaded Program Files\mjolauncher.inf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Downloaded Program Files\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87.inf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Downloaded Program Files\gpcontrol.inf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Downloaded Program Files\OnlineScanner.inf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Downloaded Program Files\OSD2B0C.OSD" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Downloaded Program Files\SCEWebLauncher.inf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Downloaded Program Files\swflash.inf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Downloaded Program Files\symdlmgr.inf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Downloaded Program Files\wlscBase.inf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Fonts\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\ciadmin.htm" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\conf.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\connect.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\mshearts.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\msnauth.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\nocontnt.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\ratings.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\update.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\windows.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\winhlp32.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\al.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\caspol.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ConfigWizards.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\csc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\cvtres.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\default.disco" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ieexec.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ilasm.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\jsc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\l_except.nlp" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\regasm.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\regsvcs.exe.rtm.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\vbc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\_dataperfcounters.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\_NetworkingPerfCounters.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ASP.NETClientFiles\SmartNav.htm" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet.mof.uninstall" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\caspol.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cvtres.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ieexec.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\jsc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\l_except.nlp" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\XPThemes.manifest" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\regasm.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\SetupENU1.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\SetupENU2.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ASP.NETClientFiles\SmartNav.htm" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet.mof.uninstall" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regasm.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\webAdminNoNavBar.master" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess32.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInUtil.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\csc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\default.win32manifest" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\EdmGen.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\vbc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\applaunch.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\caspol.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\csc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\cvtres.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\default.win32manifest" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\jsc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\regasm.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\vbc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\XPThemes.manifest" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\_dataperfcounters_shared12_neutral.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Web\bullet.gif" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\QuickPar\cache.qpc" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\QuickPar\cache.qpc.bak" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\ApplicationHistory\regasm.exe.11f1da13.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\MicroVision Applications\mvdmap.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\SubtitleCreator\MRU.txt" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\NetworkService\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead\Nero Home\SID.db" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead\Nero Home\SII.db" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead\Nero Home\SII.db.id" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Local Settings\Application Data\ArcSoft\Connection Service\timecfg.txt" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Media Player\lastplayed.wpl" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Silverlight\mssl.lck" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\QuickPar\cache.qpc" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\QuickPar\cache.qpc.bak" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Ahead\Nero Home\bgscncfg.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Ahead\Nero Home\SID.db" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Ahead\Nero Home\SII.db" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\ApplicationHistory\regasm.exe.11f1da13.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\ArcSoft\Connection Service\conngmidchg.xml" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\ArcSoft\Connection Service\gmid.txt" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\ArcSoft\Connection Service\upgmidchg.xml" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\ArcSoft\Connection Service\uuid.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\MicroVision Applications\mvdmap.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\MicroVision Applications\{6005a339-8b45-43d1-856a-a05dd9e4f98b}\staxSys.xml" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Rio\Rio Music Manager\Rio_Forge_5042_0002F68C2CF98817.lsa" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\SubtitleCreator\MRU.txt" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)
Read File: File "c:\WINDOWS\$NtUninstallKB2624667$\update.ver" is compressed (flags = 1)
Read File: File "c:\WINDOWS\$NtUninstallKB2624667$\updatebr.inf" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Desktop\protection-log-2010-09-25.txt" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Desktop\New Folder\autorun.inf" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Desktop\New Folder\facefilter\InstFFSpath.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Desktop\New Folder\menu\LogoCopyright.swf" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Desktop\New Folder\tools\brinfo\BrCollect.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Desktop\New Folder\tools\brinfo\BrDbgOut.INI" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Desktop\New Folder\wlan_wiz\frc\basic.css" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Desktop\New Folder\wlan_wiz\frc\copy.html" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Desktop\New Folder\wlan_wiz\ptb\basic.css" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Desktop\New Folder\wlan_wiz\ptb\copy.html" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Desktop\New Folder\wlan_wiz\spa\basic.css" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Desktop\New Folder\wlan_wiz\spa\copy.html" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Desktop\New Folder\wlan_wiz\usa\basic.css" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Desktop\New Folder\wlan_wiz\usa\copy.html" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Desktop\Data\Disk1\layout.bin" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Desktop\Data\Disk1\Diagnosis\ENG_End_Mes.txt" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Desktop\Data\Disk1\Diagnosis\JPN_End_Mes.txt" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Desktop\Data\Disk1\Diagnosis\JPN_guide.txt" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Desktop\Data\Disk2\layout.bin" is compressed (flags = 1)
Done!
Scan finished
=======================================
-
Part 4 - another piece of the system log...
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR6
Upper Device Object: 0xffffffff8a7c8ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000088\
Lower Device Object: 0xffffffff8a7b5348
Lower Device Driver Name: \Driver\usbstor\
Device already Exists: 0xffffffff8aafb1e8
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR5
Upper Device Object: 0xffffffff8a78cab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000087\
Lower Device Object: 0xffffffff8a7bc8c8
Lower Device Driver Name: \Driver\usbstor\
Device already Exists: 0xffffffff8aba46d8
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR4
Upper Device Object: 0xffffffff8a7bcab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000086\
Lower Device Object: 0xffffffff8a788ea0
Lower Device Driver Name: \Driver\usbstor\
Device already Exists: 0xffffffff89cea040
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR3
Upper Device Object: 0xffffffff8a789428
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000085\
Lower Device Object: 0xffffffff8a7b8030
Lower Device Driver Name: \Driver\usbstor\
Device already Exists: 0xffffffff89c04f18
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8ae9bab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff8ad81d98
Lower Device Driver Name: \Driver\atapi\
Device already Exists: 0xffffffff89cec5d8
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8ae9bab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8ae9b998, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8ae9d900, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8ae9bab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8aeec030, DeviceName: \Device\00000076\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8ad81d98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\
Upper DeviceData: 0xffffffffe1d96440, 0xffffffff8ae9bab8, 0xffffffff89c20ab8
Lower DeviceData: 0xffffffffe1cf7ed0, 0xffffffff8ad81d98, 0xffffffff89cec5d8
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: CAB10BEE
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 374073462
Partition file system is NTFS
Partition is bootable
Partition 1 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 374089590 Numsec = 16627275
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 200049647616 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-390701968-390721968)...
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff8a789428, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a7b3de0, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8a7c9020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a789428, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a7b8030, DeviceName: \Device\00000085\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff8a7bcab8, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a792c48, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8a7c0020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a7bcab8, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a788ea0, DeviceName: \Device\00000086\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff8a78cab8, DeviceName: \Device\Harddisk3\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a7b39f8, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8aa80020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a78cab8, DeviceName: \Device\Harddisk3\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a7bc8c8, DeviceName: \Device\00000087\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff8a7c8ab8, DeviceName: \Device\Harddisk4\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a7b5768, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8a784020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a7c8ab8, DeviceName: \Device\Harddisk4\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a7b5348, DeviceName: \Device\00000088\, DriverName: \Driver\usbstor\
------------ End ----------
Done!
Performing system, memory and registry scan...
Read File: File "c:\Documents and Settings\Administrator\Application Data\Lavasoft\Ad-Aware\stats.awd" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\profiles.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\Real\Msg\Category.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\Real\Msg\SCategory.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\Real\rnadmin\rnsystem.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\WinRAR\version.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\hpzinstall.log" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\boost_interprocess\401C437CB6BECC01\{1832B446-3F6D-4880-99C1-0B3B26170D94}" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Excludes\Bots.sbe" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Excludes\SystemInternals.sbe" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Apple Computer\QuickTime\com.apple.QuickTime.plist" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\ArcSoft\arcsoft mpeg\arcsoft_codec.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\ArcSoft\arcsoft mpeg\guid.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\ArcSoft\arcsoft mpeg\tic.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\ArcSoft\arcsoft mpeg\UpdaterforApp.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\ArcSoft\TotalMedia Extreme\TME.DAT" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\AVG10\cfg\malrep.cfg" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\AVG10\cfgall\userall.cfg" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\AVG10\log\commonpub.log" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\AVG10\log\history.xml" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\addr_file.html" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\MAGIX\C_Photo_Manager_10\crm.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\MAGIX\C_Photo_Manager_10\Fotomanager_dlx.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\MAGIX\C_Photo_Manager_10\Installation.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\MAGIX\PhotoStory_on_CD_DVD_10_Deluxe_DLV\installation.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\MAGIX\Photo_Manager_10\_msi_keyfile_k4s0bq0oui3c03cqsvex8i9vt" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\exclusions.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\link.txt" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\news.txt" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Maxtor\mxtr_auto_settings.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Maxtor\ULC\nextBackup.txt" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft\Machine Debug Manager\mdm.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Nero\Nero Container\f1.bin" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Nero\Nero Container\f2.bin" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Nero\Nero Container\f5.bin" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\NOS\GP_GUI_Adobe\blank.gif" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\NOS\GP_GUI_Adobe\SmoothMovement.js" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Real\RealPlayer\cdplayer.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\SBSI\ORUN\bookmrk.dbf" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\SBSI\ORUN\Grpsyll.dbf" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\SBSI\ORUN\Progress.dbf" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\SBSI\ORUN\Settings.dbf" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\SBSI\ORUN\Syllabus.dbf" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\MetaStreamID.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\{ACFC9F59-F1AE-43D2-8CFE-E2F1E0F82ABA}\instance.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\{ACFC9F59-F1AE-43D2-8CFE-E2F1E0F82ABA}\SavevidSetupV2.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\{ACFC9F59-F1AE-43D2-8CFE-E2F1E0F82ABA}\SavevidSetupV2.par" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Common Files\D562D8C0-5259-3FE8-63D0-D18B37D0AEE3.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation\Data.DCD" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation\DiscInstalledMC.txt" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\DVD Shrink\Analysis Results.5c060651" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\DVD Shrink\Analysis Results.e9ab0d36" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\pcouffin.log" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Adobe\Adobe Encore DVD 2.0\ProjectPrefs.xml" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Adobe\Adobe Encore DVD 2.0\WSMgrCfg.xml" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Adobe\Adobe Illustrator CS Settings\AI Color Settings" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Adobe\AIR\eulaAccepted" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Adobe\Updater\AUTrans.xml" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Ahead\NeroVision\GCHWCfg.bak" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Ahead\NeroVision\GCHWCfg.xml" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Ahead\NeroVision\NeroVisionLog.txt" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Ahead\NeroVision\nve-am.bin" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Ahead\NeroVision\nve-mtmpl.bin" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Ahead\NeroVision\nve-vobmap.bin" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Apple Computer\Preferences\iTunes.exe.plist" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\BitTorrent\IORRT 3.5.cmd.1.torrent" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\BitTorrent\IORRT 3.5.cmd.torrent" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\BitTorrent\Long Walk to Freedom Nelson Mandela (epub)[rogercc][h33t].epub.torrent" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\BitTorrent\A Raisin In The Sun.rtf.torrent" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\BitTorrent\Corrections.torrent" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\BitTorrent\the white tiger.txt.torrent" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\calibre\conversion\comic_input.py" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\calibre\conversion\page_setup.py" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\MAGIX\PhotoStory_on_CD_DVD_10_Deluxe_DLV\crm.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\MAGIX\PhotoStory_on_CD_DVD_10_Deluxe_DLV\Fotos_dlx.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\MAGIX\PhotoStory_on_CD_DVD_10_Deluxe_DLV\Fotos_dlx.log" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Media Player\001002A2.wpl" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Office\Excel12.pip" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Office\Imagin10.pip" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Office\MSO1024.acl" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Office\Scanni10.pip" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Move Networks\MNStatsID.txt" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\MoveFab\init0.movefab" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\TuneUpMedia\prefs.js" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Real\RealMediaSDK\c0a80100.txt" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\vlc\ml.xspf" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\W Photo Studio Viewer\asset.yos" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\W Photo Studio Viewer\assets.yos" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\W Photo Studio Viewer\FolderList.yos" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\W Photo Studio Viewer\thumbnailSel.db" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\W Photo Studio Viewer\ViewSel.db" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Winamp\auth.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Winamp\gen_jumpex.m3u8" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Winamp\Winamp.m3u" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Winamp\winamp.m3u8" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Winamp\Plugins\gen_mud.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\FreeAudioPack\EasyCutter.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\FreeAudioPack\FreeConverter.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\funkitron\Boggle Supreme\Boggle.cfg" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1\Local Store\DesktopCitizen.xml" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\registry.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\profiles.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Application Data\Microsoft\Protect\CREDHIST" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Protect\CREDHIST" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\Symantec\PendingAlertsQueue.log" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Desktop\protection-log-2010-09-25.txt" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\My Documents\Downloads\031612 vs belmont.pxy" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\My Documents\Downloads\032812 vs bernstein.pxy" is compressed (flags = 1)
Read File: File "c:\Program Files\Outlook Express\msoe.txt" is compressed (flags = 1)
Read File: File "c:\Program Files\Windows Media Player\npdrmv2.zip" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\$ncsp$.inf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\24wwxsp1.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\AK083E209605E394C.lie" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\cmos.ram" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\dsound.vxd" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\login.cmd" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\l_except.nls" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\MsiExec.exe.log" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\pcl.sep" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\perfci.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\perffilt.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\perfwci.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\pscript.sep" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\spupdwxp.log" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\temp_0000_80678.aok" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\thxcfg.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\veolx32n.dll" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\prodspec.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\View Channels.scf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\650807529" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\etc\hosts.20080821-215650.backup" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\etc\hosts.20090216-183112.backup" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\etc\networks" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\migip.dun" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\migrate.isp" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\msobe.isp" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\obeip.dun" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\oobeinfo.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\reg.isp" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\wbem\wmiclivalueformat.xsl" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\ntuser.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\default.pls" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\ntuser.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\ntuser.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\NetworkService\ntuser.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)
Read File: File "c:\WINDOWS\brpcfx.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Brpfx04a.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\BRPP2KA.INI" is compressed (flags = 1)
Read File: File "c:\WINDOWS\BRWMARK.INI" is compressed (flags = 1)
Read File: File "c:\WINDOWS\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\explorer.scf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\iexplore.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Nxiwuzuwoc.dat" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ODBC.INI" is compressed (flags = 1)
Read File: File "c:\WINDOWS\smscfg.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\srun.log" is compressed (flags = 1)
Read File: File "c:\WINDOWS\AviSplitter.INI" is compressed (flags = 1)
Read File: File "c:\WINDOWS\UPGRADE.TXT" is compressed (flags = 1)
Read File: File "c:\WINDOWS\vb.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\vbaddin.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\WININIT.INI" is compressed (flags = 1)
Read File: File "c:\WINDOWS\wmsetup10.log" is compressed (flags = 1)
Read File: File "c:\WINDOWS\UNNeroBackItUp.cfg" is compressed (flags = 1)
Read File: File "c:\WINDOWS\UNNeroMediaHome.cfg" is compressed (flags = 1)
Read File: File "c:\WINDOWS\UNNeroShowTime.cfg" is compressed (flags = 1)
Read File: File "c:\WINDOWS\UNNeroVision.cfg" is compressed (flags = 1)
Read File: File "c:\WINDOWS\UNRecode.cfg" is compressed (flags = 1)
Read File: File "c:\WINDOWS\popcinfo.dat" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Quicken.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Accessibility\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\AxInterop.SHDocVw\1.1.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\AxInterop.WT3DLib\1.0.0.0__1bf1415c4c44d353\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Common.Logging\1.2.0.0__af08829b84f0328e\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\cscompmgd\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\DiscWriter\2.3.1.0__477a69ee60b50063\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\ehiExtCOM\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\ehiExtens\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\SonicMCEBurnEngine\0.9.0.0__17c52700e9a64fd0\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\SymAddIn\15.0.0.1__ea8ad8cd626b3bac\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data\1.0.3300.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_de_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_es_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_fr_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_it_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_ja_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_ko_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_zh-CHS_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_zh-CHT_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Management\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.resources\1.0.3300.0_de_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.resources\1.0.3300.0_es_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.resources\1.0.3300.0_fr_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.resources\1.0.3300.0_it_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.resources\1.0.3300.0_ja_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.resources\1.0.3300.0_ko_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.resources\1.0.3300.0_zh-CHS_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.resources\1.0.3300.0_zh-CHT_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.3300.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting.resources\1.0.3300.0_de_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting.resources\1.0.3300.0_es_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting.resources\1.0.3300.0_fr_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting.resources\1.0.3300.0_it_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting.resources\1.0.3300.0_ja_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting.resources\1.0.3300.0_ko_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting.resources\1.0.3300.0_zh-CHS_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting.resources\1.0.3300.0_zh-CHT_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Security\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Security.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Security.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Security.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Security.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Security.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Security.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Security.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Security.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Xml\1.0.3300.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.XML.resources\1.0.3300.0_de_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.XML.resources\1.0.3300.0_es_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.XML.resources\1.0.3300.0_fr_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.XML.resources\1.0.3300.0_it_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.XML.resources\1.0.3300.0_ja_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.XML.resources\1.0.3300.0_ko_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.XML.resources\1.0.3300.0_zh-CHS_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.XML.resources\1.0.3300.0_zh-CHT_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\GemMaster3\3.0.0.0__1bf1415c4c44d353\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqcddvd\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqglutl\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqpel10\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodai\2.0.588.1728__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.MsHtmHst\0.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\LEAD.Drawing.Imaging.Codecs\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\policy.13.0.LEAD\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hplMosaicNet\1.4.1.0__0d5444959b41355f\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\HPODMmcLib\1.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqactiv\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqactiv.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqalb\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqasmgt\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqasset\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqbakup\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqbakup.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqbkloc\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqbutil\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqcalp\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqcalp.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqcc2\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqcc2.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqcdcpy\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqcdcpy.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.NeroBurnAdvrCntrl2Lib\1.0.0.0__477a69ee60b50063\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.NEROLib\1.4.0.0__477a69ee60b50063\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.NeroMCEWrapper\1.0.0.0__477a69ee60b50063\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.NeroVisionAPI\1.3.0.0__477a69ee60b50063\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.SHDocVw\1.1.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.WT3DLib\1.0.0.0__1bf1415c4c44d353\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\ISymWrapper\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\LEAD\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\LEAD.Drawing\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqglutl.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqgtpin\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqgtpin.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqiface\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqimgrc\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqimgrc.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqimlib\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqimvlt\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqimvlt.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqisdsp\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqislib\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqisrtb\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqistab\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqlsprj\1.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqlsprj.resources\1.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqlsutl\1.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqltutl\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqmdmr\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqmdmr.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqmpvad\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqmyint\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqntrop\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqovskn\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqpanop\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqpanop.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqpbgen\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqpdmdl\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqunkwd\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqunkwd.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqutils\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqvideo\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqxpbrn\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\IEExecRemote\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\IEHost\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\IIEHost\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.HPDarc\1.0.0.0__19565c63d39c2842\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpocxi08\1.0.0.0__3b766a3b3d2dc385\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodae\2.0.588.1728__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodaud\2.0.588.1728__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpodeb08\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpodev08\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpodio08\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodmmc\1.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodmp\2.0.588.1728__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodmpv\2.0.588.1728__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodmpv_md\2.0.588.1728__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodprint2\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodtrk\2.0.588.1728__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodvid\2.0.588.1728__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodxmlutil\2.0.588.1728__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpqaiois\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.HpqCamUn\1.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpqcbcnv\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpqcldat\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpqcrmcm\60.0.86.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpqdstcp\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpqimgr\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpqusg\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpqvideo\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.hprblog\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.LITTManagerLib\1.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\LEAD.Drawing.Imaging.ImageProcessing\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\LEAD.Drawing.Imaging.Twain\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\LEAD.Windows.Forms\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\LEAD.Windows.Forms.CommonDialogs\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\LEAD.Windows.Forms.DrawingContainer\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\LEAD.Wrapper\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Drawing\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Drawing.Imaging.Codecs\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Drawing.Imaging.ImageProcessing\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Drawing.Imaging.Twain\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Windows.Forms\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Windows.Forms.CommonDialogs\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Windows.Forms.DrawingContainer\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Wrapper\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Regcode\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqpel10.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqprif\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqprjcm\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqprjfx\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqprjfx.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqprrsc\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqprrsc.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqprutl\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqprutl.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqptfx\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqptfx.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqptint\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqptint.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqqca\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqszip\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqthumb\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqtray\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqtray.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqcpint\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqcpolp\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqcpolp.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqcprsc\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqcprsc.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqdocpt\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqdocpt.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqeal\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqedit\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqedit.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqedppi\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqedppi.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqfmrsc.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Excel\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Graph\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Outlook\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Owc11\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.SmartTag\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Word\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.resources\7.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.resources\7.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.resources\7.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.resources\7.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.resources\7.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.resources\7.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.resources\7.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.resources\7.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualC\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
-
Part 3 - Continuation of the system log...
Read File: File "c:\WINDOWS\assembly\GAC\Accessibility\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\AxInterop.SHDocVw\1.1.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\AxInterop.WT3DLib\1.0.0.0__1bf1415c4c44d353\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Common.Logging\1.2.0.0__af08829b84f0328e\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\cscompmgd\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\DiscWriter\2.3.1.0__477a69ee60b50063\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\ehiExtCOM\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\ehiExtens\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\ehiwmp\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\SonicMCEBurnEngine\0.9.0.0__17c52700e9a64fd0\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\SymAddIn\15.0.0.1__ea8ad8cd626b3bac\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data\1.0.3300.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_de_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_es_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_fr_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_it_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_ja_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_ko_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_zh-CHS_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Data.resources\1.0.3300.0_zh-CHT_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Design.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Management\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\system.management.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.resources\1.0.3300.0_de_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.resources\1.0.3300.0_es_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.resources\1.0.3300.0_fr_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.resources\1.0.3300.0_it_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.resources\1.0.3300.0_ja_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.resources\1.0.3300.0_ko_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.resources\1.0.3300.0_zh-CHS_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.resources\1.0.3300.0_zh-CHT_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.3300.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting.resources\1.0.3300.0_de_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting.resources\1.0.3300.0_es_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting.resources\1.0.3300.0_fr_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting.resources\1.0.3300.0_it_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting.resources\1.0.3300.0_ja_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting.resources\1.0.3300.0_ko_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting.resources\1.0.3300.0_zh-CHS_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting.resources\1.0.3300.0_zh-CHT_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Security\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Security.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Security.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Security.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Security.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Security.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Security.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Security.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Security.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.ServiceProcess.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Services.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Xml\1.0.3300.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.XML.resources\1.0.3300.0_de_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.XML.resources\1.0.3300.0_es_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.XML.resources\1.0.3300.0_fr_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.XML.resources\1.0.3300.0_it_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.XML.resources\1.0.3300.0_ja_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.XML.resources\1.0.3300.0_ko_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.XML.resources\1.0.3300.0_zh-CHS_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.XML.resources\1.0.3300.0_zh-CHT_b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\GemMaster3\3.0.0.0__1bf1415c4c44d353\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqcddvd\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqglutl\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqpel10\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodai\2.0.588.1728__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.MsHtmHst\0.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\LEAD.Drawing.Imaging.Codecs\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript.resources\7.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\policy.13.0.LEAD\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Web.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hplMosaicNet\1.4.1.0__0d5444959b41355f\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\HPODMmcLib\1.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqactiv\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqactiv.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqalb\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqasmgt\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqasset\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqbakup\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqbakup.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqbkloc\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqbutil\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqcalp\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqcalp.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqcc2\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqcc2.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqcdcpy\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqcdcpy.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.NeroBurnAdvrCntrl2Lib\1.0.0.0__477a69ee60b50063\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.NEROLib\1.4.0.0__477a69ee60b50063\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.NeroMCEWrapper\1.0.0.0__477a69ee60b50063\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.NeroVisionAPI\1.3.0.0__477a69ee60b50063\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.SHDocVw\1.1.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.WT3DLib\1.0.0.0__1bf1415c4c44d353\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\ISymWrapper\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\LEAD\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\LEAD.Drawing\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqglutl.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqgtpin\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqgtpin.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqiface\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqimgrc\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqimgrc.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqimlib\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqimvlt\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqimvlt.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqisdsp\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqislib\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqisrtb\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqistab\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqlsprj\1.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqlsprj.resources\1.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqlsutl\1.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqltutl\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqmdmr\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqmdmr.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqmpvad\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqmyint\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqntrop\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqovskn\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqpanop\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqpanop.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqpbgen\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqpdmdl\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqunkwd\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqunkwd.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqutils\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqvideo\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqxpbrn\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\IEExecRemote\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\IEHost\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\IIEHost\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.HPDarc\1.0.0.0__19565c63d39c2842\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpocxi08\1.0.0.0__3b766a3b3d2dc385\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodae\2.0.588.1728__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodaud\2.0.588.1728__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpodeb08\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpodev08\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpodio08\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodmmc\1.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodmp\2.0.588.1728__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodmpv\2.0.588.1728__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodmpv_md\2.0.588.1728__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodprint2\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodtrk\2.0.588.1728__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodvid\2.0.588.1728__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpodxmlutil\2.0.588.1728__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpqaiois\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.HpqCamUn\1.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpqcbcnv\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpqcldat\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpqcrmcm\60.0.86.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpqdstcp\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\interop.hpqimgr\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpqusg\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.hpqvideo\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.hprblog\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Interop.LITTManagerLib\1.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\LEAD.Drawing.Imaging.ImageProcessing\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\LEAD.Drawing.Imaging.Twain\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\LEAD.Windows.Forms\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\LEAD.Windows.Forms.CommonDialogs\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\LEAD.Windows.Forms.DrawingContainer\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\LEAD.Wrapper\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Drawing\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Drawing.Imaging.Codecs\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Drawing.Imaging.ImageProcessing\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Drawing.Imaging.Twain\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Windows.Forms\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Windows.Forms.CommonDialogs\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Windows.Forms.DrawingContainer\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Wrapper\13.0.0.113__9cf889f53ea9b907\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Regcode\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\RegCode.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqpel10.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqprif\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqprjcm\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqprjfx\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqprjfx.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqprrsc\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqprrsc.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqprutl\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqprutl.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqptfx\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqptfx.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqptint\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqptint.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqqca\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqszip\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqthumb\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqtray\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqtray.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqcpint\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqcpolp\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqcpolp.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqcprsc\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqcprsc.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqdocpt\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqdocpt.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqeal\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqedit\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqedit.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqedppi\3.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqedppi.resources\3.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\hpqfmrsc.resources\4.0.0.0_en_a53cf5803f4c3827\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Excel\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Graph\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Outlook\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Owc11\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.SmartTag\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Word\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.resources\7.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.resources\7.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.resources\7.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.resources\7.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.resources\7.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.resources\7.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.resources\7.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.resources\7.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualC\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg\1.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_de_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_es_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_it_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Downloaded Program Files\mjolauncher.inf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Downloaded Program Files\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.87.inf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Downloaded Program Files\gpcontrol.inf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Downloaded Program Files\OnlineScanner.inf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Downloaded Program Files\OSD2B0C.OSD" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Downloaded Program Files\SCEWebLauncher.inf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Downloaded Program Files\swflash.inf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Downloaded Program Files\symdlmgr.inf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Downloaded Program Files\wlscBase.inf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Fonts\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\ciadmin.htm" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\conf.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\connect.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\mshearts.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\msnauth.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\nocontnt.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\ratings.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\update.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\windows.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\winhlp32.cnt" is compressed (flags = 1)
Infected: c:\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ --> [backdoor.0Access]
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\al.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\caspol.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ConfigWizards.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\csc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\cvtres.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\default.disco" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ieexec.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ilasm.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\jsc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\l_except.nlp" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\regasm.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\regsvcs.exe.rtm.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\vbc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\_dataperfcounters.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\_NetworkingPerfCounters.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ASP.NETClientFiles\SmartNav.htm" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet.mof.uninstall" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\caspol.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cvtres.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ieexec.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\jsc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\l_except.nlp" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\XPThemes.manifest" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\regasm.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\SetupENU1.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\SetupENU2.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ASP.NETClientFiles\SmartNav.htm" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet.mof.uninstall" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regasm.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\webAdminNoNavBar.master" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess32.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInUtil.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\csc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\default.win32manifest" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\EdmGen.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\vbc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\applaunch.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\caspol.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\csc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\cvtres.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\default.win32manifest" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\jsc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\regasm.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\vbc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\XPThemes.manifest" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\_dataperfcounters_shared12_neutral.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Web\bullet.gif" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\QuickPar\cache.qpc" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\QuickPar\cache.qpc.bak" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\ApplicationHistory\regasm.exe.11f1da13.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\MicroVision Applications\mvdmap.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\SubtitleCreator\MRU.txt" is compressed (flags = 1)
Infected: c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ --> [backdoor.0Access]
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\NetworkService\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead\Nero Home\SID.db" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead\Nero Home\SII.db" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead\Nero Home\SII.db.id" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Local Settings\Application Data\ArcSoft\Connection Service\timecfg.txt" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Media Player\lastplayed.wpl" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Silverlight\mssl.lck" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\QuickPar\cache.qpc" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\QuickPar\cache.qpc.bak" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Ahead\Nero Home\bgscncfg.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Ahead\Nero Home\SID.db" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Ahead\Nero Home\SII.db" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\ApplicationHistory\regasm.exe.11f1da13.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\ArcSoft\Connection Service\conngmidchg.xml" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\ArcSoft\Connection Service\gmid.txt" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\ArcSoft\Connection Service\upgmidchg.xml" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\ArcSoft\Connection Service\uuid.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\MicroVision Applications\mvdmap.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\MicroVision Applications\{6005a339-8b45-43d1-856a-a05dd9e4f98b}\staxSys.xml" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Rio\Rio Music Manager\Rio_Forge_5042_0002F68C2CF98817.lsa" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\SubtitleCreator\MRU.txt" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)
Read File: File "c:\WINDOWS\$NtUninstallKB2624667$\update.ver" is compressed (flags = 1)
Read File: File "c:\WINDOWS\$NtUninstallKB2624667$\updatebr.inf" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Desktop\protection-log-2010-09-25.txt" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Desktop\New Folder\autorun.inf" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Desktop\New Folder\facefilter\InstFFSpath.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Desktop\New Folder\menu\LogoCopyright.swf" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Desktop\New Folder\tools\brinfo\BrCollect.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Desktop\New Folder\tools\brinfo\BrDbgOut.INI" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Desktop\New Folder\wlan_wiz\frc\basic.css" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Desktop\New Folder\wlan_wiz\frc\copy.html" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Desktop\New Folder\wlan_wiz\ptb\basic.css" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Desktop\New Folder\wlan_wiz\ptb\copy.html" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Desktop\New Folder\wlan_wiz\spa\basic.css" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Desktop\New Folder\wlan_wiz\spa\copy.html" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Desktop\New Folder\wlan_wiz\usa\basic.css" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Desktop\New Folder\wlan_wiz\usa\copy.html" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Desktop\Data\Disk1\layout.bin" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Desktop\Data\Disk1\Diagnosis\ENG_End_Mes.txt" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Desktop\Data\Disk1\Diagnosis\JPN_End_Mes.txt" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Desktop\Data\Disk1\Diagnosis\JPN_guide.txt" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Desktop\Data\Disk2\layout.bin" is compressed (flags = 1)
Infected: c:\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L --> [backdoor.0Access]
Infected: c:\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U --> [backdoor.0Access]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal successful. No system shutdown is required.
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
© Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_34
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.188000 GHz
Memory total: 3152519168, free: 2303700992
------------ Kernel report ------------
03/30/2013 13:34:25
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
wdf01000.sys
\WINDOWS\System32\Drivers\WDFLDR.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
viaide.sys
intelide.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
jraid.sys
\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
VolSnap.sys
iaStor.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
timntr.sys
tdrpman.sys
snapman.sys
Mup.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\AmdK8.sys
\SystemRoot\system32\DRIVERS\aracpi.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\Afc.sys
\SystemRoot\System32\Drivers\cdrbsdrv.SYS
\SystemRoot\system32\drivers\pfc.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\ArcCD.SYS
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\Rtnicxp.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\AGRSM.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\drivers\ALCXWDM.SYS
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\km_filter.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\arpolicy.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\System32\Drivers\pcouffin.sys
\SystemRoot\System32\Drivers\RootMdm.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\drivers\WmBEnum.sys
\SystemRoot\system32\drivers\WmXlCore.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\ArcRec.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\tcpip6.sys
\SystemRoot\system32\drivers\netbt.sys
\SystemRoot\System32\Drivers\nnrnstdi.SYS
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\??\C:\WINDOWS\system32\VCdRom.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\drivers\ip6fw.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\arhidfltr.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\arkbcfltr.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\armoucfltr.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\DRIVERS\tifsfilt.sys
\SystemRoot\System32\Drivers\DefragFS.SYS
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
-
Part 2 - Here is the system log. It was too long to post, so I'm splitting into multiple posts (although it kinda looks like it ran twice)...
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
© Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_34
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.188000 GHz
Memory total: 3152519168, free: 1747968000
------------ Kernel report ------------
03/30/2013 13:10:05
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
wdf01000.sys
\WINDOWS\System32\Drivers\WDFLDR.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
viaide.sys
intelide.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
jraid.sys
\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
VolSnap.sys
iaStor.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
timntr.sys
tdrpman.sys
snapman.sys
Mup.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\AmdK8.sys
\SystemRoot\system32\DRIVERS\aracpi.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\Afc.sys
\SystemRoot\System32\Drivers\cdrbsdrv.SYS
\SystemRoot\system32\drivers\pfc.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\ArcCD.SYS
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\Rtnicxp.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\AGRSM.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\drivers\ALCXWDM.SYS
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\km_filter.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\arpolicy.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\System32\Drivers\pcouffin.sys
\SystemRoot\System32\Drivers\RootMdm.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\drivers\WmBEnum.sys
\SystemRoot\system32\drivers\WmXlCore.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\ArcRec.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\tcpip6.sys
\SystemRoot\system32\drivers\netbt.sys
\SystemRoot\System32\Drivers\nnrnstdi.SYS
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\??\C:\WINDOWS\system32\VCdRom.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\drivers\ip6fw.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\arhidfltr.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\arkbcfltr.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\armoucfltr.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\DRIVERS\tifsfilt.sys
\SystemRoot\System32\Drivers\DefragFS.SYS
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR6
Upper Device Object: 0xffffffff8a7c8ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000088\
Lower Device Object: 0xffffffff8a7b5348
Lower Device Driver Name: \Driver\usbstor\
Driver name found: usbstor
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR5
Upper Device Object: 0xffffffff8a78cab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000087\
Lower Device Object: 0xffffffff8a7bc8c8
Lower Device Driver Name: \Driver\usbstor\
Driver name found: usbstor
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR4
Upper Device Object: 0xffffffff8a7bcab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000086\
Lower Device Object: 0xffffffff8a788ea0
Lower Device Driver Name: \Driver\usbstor\
Driver name found: usbstor
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR3
Upper Device Object: 0xffffffff8a789428
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000085\
Lower Device Object: 0xffffffff8a7b8030
Lower Device Driver Name: \Driver\usbstor\
Driver name found: usbstor
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8ae9bab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff8ad81d98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.03.30.06
Downloaded database version: v2013.03.25.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8ae9bab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8ae9b998, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8ae9d900, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8ae9bab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8aeec030, DeviceName: \Device\00000076\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8ad81d98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\
Upper DeviceData: 0xffffffffe3827470, 0xffffffff8ae9bab8, 0xffffffff89c20ab8
Lower DeviceData: 0xffffffffe3825c58, 0xffffffff8ad81d98, 0xffffffff89cec5d8
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: CAB10BEE
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 374073462
Partition file system is NTFS
Partition is bootable
Partition 1 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 374089590 Numsec = 16627275
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 200049647616 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-390701968-390721968)...
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff8a789428, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a7b3de0, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8a7c9020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a789428, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a7b8030, DeviceName: \Device\00000085\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff8a7bcab8, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a792c48, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8a7c0020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a7bcab8, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a788ea0, DeviceName: \Device\00000086\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff8a78cab8, DeviceName: \Device\Harddisk3\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a7b39f8, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8aa80020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a78cab8, DeviceName: \Device\Harddisk3\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a7bc8c8, DeviceName: \Device\00000087\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff8a7c8ab8, DeviceName: \Device\Harddisk4\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a7b5768, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8a784020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a7c8ab8, DeviceName: \Device\Harddisk4\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a7b5348, DeviceName: \Device\00000088\, DriverName: \Driver\usbstor\
------------ End ----------
Done!
Performing system, memory and registry scan...
Read File: File "c:\Documents and Settings\Administrator\Application Data\Lavasoft\Ad-Aware\stats.awd" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\profiles.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\Real\Msg\Category.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\Real\Msg\SCategory.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\Real\rnadmin\rnsystem.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\WinRAR\version.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\hpzinstall.log" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\boost_interprocess\401C437CB6BECC01\{1832B446-3F6D-4880-99C1-0B3B26170D94}" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Excludes\Bots.sbe" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Excludes\SystemInternals.sbe" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Apple Computer\QuickTime\com.apple.QuickTime.plist" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\ArcSoft\arcsoft mpeg\arcsoft_codec.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\ArcSoft\arcsoft mpeg\guid.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\ArcSoft\arcsoft mpeg\tic.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\ArcSoft\arcsoft mpeg\UpdaterforApp.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\ArcSoft\TotalMedia Extreme\TME.DAT" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\AVG10\cfg\malrep.cfg" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\AVG10\cfgall\userall.cfg" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\AVG10\log\commonpub.log" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\AVG10\log\history.xml" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\addr_file.html" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\MAGIX\C_Photo_Manager_10\crm.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\MAGIX\C_Photo_Manager_10\Fotomanager_dlx.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\MAGIX\C_Photo_Manager_10\Installation.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\MAGIX\PhotoStory_on_CD_DVD_10_Deluxe_DLV\installation.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\MAGIX\Photo_Manager_10\_msi_keyfile_k4s0bq0oui3c03cqsvex8i9vt" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\exclusions.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\link.txt" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\news.txt" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Maxtor\mxtr_auto_settings.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Maxtor\ULC\nextBackup.txt" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft\Machine Debug Manager\mdm.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Nero\Nero Container\f1.bin" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Nero\Nero Container\f2.bin" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Nero\Nero Container\f5.bin" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\NOS\GP_GUI_Adobe\blank.gif" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\NOS\GP_GUI_Adobe\SmoothMovement.js" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Real\RealPlayer\cdplayer.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\SBSI\ORUN\bookmrk.dbf" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\SBSI\ORUN\Grpsyll.dbf" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\SBSI\ORUN\Progress.dbf" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\SBSI\ORUN\Settings.dbf" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\SBSI\ORUN\Syllabus.dbf" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\MetaStreamID.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\{ACFC9F59-F1AE-43D2-8CFE-E2F1E0F82ABA}\instance.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\{ACFC9F59-F1AE-43D2-8CFE-E2F1E0F82ABA}\SavevidSetupV2.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\{ACFC9F59-F1AE-43D2-8CFE-E2F1E0F82ABA}\SavevidSetupV2.par" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Common Files\D562D8C0-5259-3FE8-63D0-D18B37D0AEE3.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation\Data.DCD" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation\DiscInstalledMC.txt" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\DVD Shrink\Analysis Results.5c060651" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\DVD Shrink\Analysis Results.e9ab0d36" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\pcouffin.log" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Adobe\Adobe Encore DVD 2.0\ProjectPrefs.xml" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Adobe\Adobe Encore DVD 2.0\WSMgrCfg.xml" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Adobe\Adobe Illustrator CS Settings\AI Color Settings" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Adobe\AIR\eulaAccepted" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Adobe\Updater\AUTrans.xml" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Ahead\NeroVision\GCHWCfg.bak" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Ahead\NeroVision\GCHWCfg.xml" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Ahead\NeroVision\NeroVisionLog.txt" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Ahead\NeroVision\nve-am.bin" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Ahead\NeroVision\nve-mtmpl.bin" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Ahead\NeroVision\nve-vobmap.bin" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Apple Computer\Preferences\iTunes.exe.plist" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\BitTorrent\IORRT 3.5.cmd.1.torrent" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\BitTorrent\IORRT 3.5.cmd.torrent" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\BitTorrent\Long Walk to Freedom Nelson Mandela (epub)[rogercc][h33t].epub.torrent" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\BitTorrent\A Raisin In The Sun.rtf.torrent" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\BitTorrent\Corrections.torrent" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\BitTorrent\the white tiger.txt.torrent" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\calibre\conversion\comic_input.py" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\calibre\conversion\page_setup.py" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\MAGIX\PhotoStory_on_CD_DVD_10_Deluxe_DLV\crm.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\MAGIX\PhotoStory_on_CD_DVD_10_Deluxe_DLV\Fotos_dlx.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\MAGIX\PhotoStory_on_CD_DVD_10_Deluxe_DLV\Fotos_dlx.log" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Media Player\001002A2.wpl" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Office\Excel12.pip" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Office\Imagin10.pip" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Office\MSO1024.acl" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Office\Scanni10.pip" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Move Networks\MNStatsID.txt" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\MoveFab\init0.movefab" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\TuneUpMedia\prefs.js" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Real\RealMediaSDK\c0a80100.txt" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\vlc\ml.xspf" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\W Photo Studio Viewer\asset.yos" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\W Photo Studio Viewer\assets.yos" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\W Photo Studio Viewer\FolderList.yos" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\W Photo Studio Viewer\thumbnailSel.db" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\W Photo Studio Viewer\ViewSel.db" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Winamp\auth.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Winamp\gen_jumpex.m3u8" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Winamp\Winamp.m3u" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Winamp\winamp.m3u8" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Winamp\Plugins\gen_mud.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\FreeAudioPack\EasyCutter.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\FreeAudioPack\FreeConverter.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\funkitron\Boggle Supreme\Boggle.cfg" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1\Local Store\DesktopCitizen.xml" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\registry.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Application Data\Netscape\NSB\profiles.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Application Data\Microsoft\Protect\CREDHIST" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Protect\CREDHIST" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\Symantec\PendingAlertsQueue.log" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Desktop\protection-log-2010-09-25.txt" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\My Documents\Downloads\031612 vs belmont.pxy" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\My Documents\Downloads\032812 vs bernstein.pxy" is compressed (flags = 1)
Read File: File "c:\Program Files\Outlook Express\msoe.txt" is compressed (flags = 1)
Read File: File "c:\Program Files\Windows Media Player\npdrmv2.zip" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\$ncsp$.inf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\24wwxsp1.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\AK083E209605E394C.lie" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\cmos.ram" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\dsound.vxd" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\login.cmd" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\l_except.nls" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\MsiExec.exe.log" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\pcl.sep" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\perfci.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\perffilt.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\perfwci.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\pscript.sep" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\spupdwxp.log" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\temp_0000_80678.aok" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\thxcfg.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\veolx32n.dll" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\prodspec.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\View Channels.scf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\650807529" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\etc\hosts.20080821-215650.backup" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\etc\hosts.20090216-183112.backup" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\etc\networks" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\migip.dun" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\migrate.isp" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\msobe.isp" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\obeip.dun" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\oobeinfo.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\reg.isp" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\wbem\wmiclivalueformat.xsl" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\ntuser.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\default.pls" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\ntuser.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\ntuser.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\NetworkService\ntuser.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)
Read File: File "c:\WINDOWS\brpcfx.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Brpfx04a.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\BRPP2KA.INI" is compressed (flags = 1)
Read File: File "c:\WINDOWS\BRWMARK.INI" is compressed (flags = 1)
Read File: File "c:\WINDOWS\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\explorer.scf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\iexplore.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Nxiwuzuwoc.dat" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ODBC.INI" is compressed (flags = 1)
Read File: File "c:\WINDOWS\smscfg.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\srun.log" is compressed (flags = 1)
Read File: File "c:\WINDOWS\AviSplitter.INI" is compressed (flags = 1)
Read File: File "c:\WINDOWS\UPGRADE.TXT" is compressed (flags = 1)
Read File: File "c:\WINDOWS\vb.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\vbaddin.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\WININIT.INI" is compressed (flags = 1)
Read File: File "c:\WINDOWS\wmsetup10.log" is compressed (flags = 1)
Read File: File "c:\WINDOWS\UNNeroBackItUp.cfg" is compressed (flags = 1)
Read File: File "c:\WINDOWS\UNNeroMediaHome.cfg" is compressed (flags = 1)
Read File: File "c:\WINDOWS\UNNeroShowTime.cfg" is compressed (flags = 1)
Read File: File "c:\WINDOWS\UNNeroVision.cfg" is compressed (flags = 1)
Read File: File "c:\WINDOWS\UNRecode.cfg" is compressed (flags = 1)
Read File: File "c:\WINDOWS\popcinfo.dat" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Quicken.ini" is compressed (flags = 1)
-
OK, I removed BitTorrent. I just used the Add and Remove Programs control panel to remove it - I hope that deletes it completely.
Below are the 3 logs that you asked for. 1st is the OTL log. The second is the mbar log (The first time it came up with 4 issues that it cleaned. I ran it again like the instructions said and it came up clean. I'll post both of them since I'm not sure which one you want/need. And lastly is the system log. Considering the last post had to be broken up into multiple posts, I'll probably have to do the same here.
Thanks,
JF
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}\ not found.
Prefs.js: plugin%40yontoo.com:1.20.02 removed from extensions.enabledAddons
Prefs.js: "Search Results" removed from browser.search.defaultenginename
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\searchbar folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\css folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\tab@search.com\chrome folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\tab@search.com folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\toolbar@ask.com folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\plugin@yontoo.com.xpi moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\AntiVirusDisableNotify deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\UpdatesDisableNotify deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\FirewallDisableNotify deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\uyy2qb2nixeuy64x76lad14 moved successfully.
C:\Documents and Settings\All Users\Application Data\uyy2qb2nixeuy64x76lad14 moved successfully.
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\036c1j4g1820 moved successfully.
C:\Documents and Settings\All Users\Application Data\036c1j4g1820 moved successfully.
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\4727uy07g8m3s12g7my1iy4678gag730 moved successfully.
C:\Documents and Settings\All Users\Application Data\4727uy07g8m3s12g7my1iy4678gag730 moved successfully.
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\6lr8qybjn13oh6xyp8ivrd2x86m5wp moved successfully.
C:\Documents and Settings\All Users\Application Data\6lr8qybjn13oh6xyp8ivrd2x86m5wp moved successfully.
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\40l3j85ka67376pv1f77tn526lmm2dsbdnf12x4o moved successfully.
C:\Documents and Settings\All Users\Application Data\40l3j85ka67376pv1f77tn526lmm2dsbdnf12x4o moved successfully.
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\267464291 moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\searchquband folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\searchqutoolbar\weather folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\searchqutoolbar\coupons folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\searchqutoolbar folder moved successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\TrojanHunter folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4047 bytes
->FireFox cache emptied: 21293864 bytes
->Flash cache emptied: 722 bytes
User: All Users
User: Compaq_Administrator
->Temp folder emptied: 120656340 bytes
->Temporary Internet Files folder emptied: 3561322 bytes
->Java cache emptied: 28161 bytes
->FireFox cache emptied: 339867570 bytes
->Google Chrome cache emptied: 139959686 bytes
->Flash cache emptied: 21323 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49816 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 85415345 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 237188841 bytes
Total Files Cleaned = 904.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 03302013_125504
Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_ec0.dat moved successfully.
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\CR_445AE.tmp\SETUP_PATCH.PACKED.7Z not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\atmosphere.glslesf not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\atmosphere.glslesv not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\atmosphere.glsllib not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\glsles.h not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\precipitation_double_cone.glslesf not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\precipitation_double_cone.glslesv not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\speedtree_configuration_glsles.h not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\speedtree_utils_glsles.h not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stbillboard.arbfp1 not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stbillboard.arbvp1 not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stbillboard.asd not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stbillboard.cfg not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stbillboard.glslesf not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stbillboard.glslesv not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stbillboard.ps_2_0 not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stbillboard.vs_2_0 not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stbranch.arbfp1 not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stbranch.arbvp1 not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stbranch.asd not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stbranch.cfg not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stbranch.glslesf not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stbranch.glslesv not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stbranch.ps_2_0 not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stbranch.vs_2_0 not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stcommonobjects.ini not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stfrond.arbfp1 not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stfrond.arbvp1 not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stfrond.asd not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stfrond.cfg not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stfrond.glslesf not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stfrond.glslesv not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stfrond.ps_2_0 not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stfrond.vs_2_0 not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stleafcard.arbfp1 not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stleafcard.arbvp1 not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stleafcard.asd not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stleafcard.cfg not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stleafcard.glslesf not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stleafcard.glslesv not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stleafcard.ps_2_0 not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stleafcard.vs_2_0 not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stleafmesh.arbfp1 not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stleafmesh.arbvp1 not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stleafmesh.asd not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stleafmesh.cfg not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stleafmesh.glslesf not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stleafmesh.glslesv not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stleafmesh.ps_2_0 not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stleafmesh.vs_2_0 not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\water.glsllib not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\watersurface.glslesf not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\watersurface.glslesv not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\planet\earth.ini not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\keyboard\generic.ini not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\keyboard\sr22.ini not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\hud\generic.ini not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\hud\sr22.ini not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\controller\generic.ini not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\controller\genius_maxfighter_f16u.ini not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\controller\logitech_attack3.ini not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\controller\logitech_extreme_3d.ini not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\controller\logitech_force_3d.ini not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\controller\logitech_freedom.ini not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\controller\saitek_cyborg_evo.ini not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\controller\saitek_x52.ini not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\controller\speed_link_black_hawk.ini not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\controller\speed_link_black_widow.ini not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\controller\speed_link_cougar_flightstick.ini not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\controller\speed_link_dark_tornado.ini not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\controller\xbox_360.ini not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\aircraft\f16.acf not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\aircraft\sr22.acf not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\flightsim.ini not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\application.rcc not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\balloons.rcc not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\builtin_webdata.rcc not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\cursor_crosshair_inverse.png not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\cursor_crosshair_thick.png not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\doppler.txt not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\effects.rcc not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\filmstrip.rcc not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\leftpanel-common.rcc not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\leftpanel-layer.rcc not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\localshapes.rcc not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\navcontrols.rcc not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\notifications.rcc not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\progress.rcc not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\renderui.rcc not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\search.rcc not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\spin_icon.png not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\statusbar.rcc not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\terrainmgr.rcc not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\tmcontrols.rcc not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\toolbar.rcc not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\tourcontrols.rcc not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\unknown_plugin.png not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\userpalette.kml not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\webbrowser.rcc not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\ar.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\bg.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\ca.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\cs.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\da.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\de.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\el.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\en.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\es-419.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\es.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\fa.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\fi.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\fil.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\fr.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\he.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\hi.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\hr.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\hu.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\id.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\it.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\ja.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\ko.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\lt.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\lv.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\nl.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\no.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\pl.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\pt-PT.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\pt.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\ro.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\ru.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\sk.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\sl.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\sr.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\sv.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\th.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\tr.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\uk.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\vi.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\zh-Hans.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\zh-Hant-HK.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\zh-Hant.qm not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\imageformats\qgif4.dll not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\imageformats\qjpeg4.dll not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\optimizations\IGOptExtension.dll not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\D3DCompiler_43.dll not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\d3dx9_43.dll not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGAttrs.dll not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGGfx.dll not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGSg.dll not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\libEGL.dll not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\libGLESv2.dll not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogl\IGAttrs.dll not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogl\IGGfx.dll not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogl\IGSg.dll not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemyext.dll not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\drivers.ini not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\earthps.dll not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\geplugin.exe not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\ge_expat.dll not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\googleearth.exe.local not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\googleearth_free.dll not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\google_earth.ico not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\gpl.txt not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\icudt.dll not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGAttrs.dll not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGCore.dll not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGExportCommon.dll not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGGfx.dll not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGMath.dll not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGOpt.dll not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGSg.dll not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGUtils.dll not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\ImporterGlobalSettings.ini not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\ImporterUISettings.ini not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\kh20 not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\msvcp100.dll not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\msvcr100.dll not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\npgeplugin.dll not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\PCOptimizations.ini not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\plugin_ax.dll not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\QtCore4.dll not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\QtGui4.dll not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\QtNetwork4.dll not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\QtWebKit4.dll not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\uninstall.ico not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\0x0409.ini not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\Google Earth.msi not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\GoogleEarth.exe not found!
File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temp\._msigeplugin61\Setup.ini not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org
Database version: v2013.03.30.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Compaq_Administrator :: HADDY [administrator]
3/30/2013 1:33:06 PM
mbar-log-2013-03-30 (13-33-06).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29932
Time elapsed: 20 minute(s), 46 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 2
c:\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L (Backdoor.0Access) -> Delete on reboot.
c:\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U (Backdoor.0Access) -> Delete on reboot.
Files Detected: 2
c:\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ (Backdoor.0Access) -> Delete on reboot.
c:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ (Backdoor.0Access) -> Delete on reboot.
(end)
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org
Database version: v2013.03.30.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Compaq_Administrator :: HADDY [administrator]
3/30/2013 1:50:59 PM
mbar-log-2013-03-30 (13-50-59).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29922
Time elapsed: 16 minute(s), 27 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
PART 2 - the last part of the OTL.txt output and the Extras.txt output.
[2013/03/07 21:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2011/10/09 18:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2012/06/30 10:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2011/12/19 18:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/06/27 21:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/03/28 15:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ControlCenter4
[2006/03/09 20:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2012/01/04 10:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2008/11/17 18:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2008/04/21 21:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2006/08/10 08:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2010/11/13 08:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/11/05 19:27:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2008/02/24 18:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2006/06/11 20:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/06/15 16:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nike
[2012/03/11 13:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2006/08/12 08:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2006/06/23 11:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/07/05 10:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/07/05 10:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdBackup
[2012/03/11 13:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2012/10/01 21:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2011/11/06 11:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2012/06/17 11:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
[2010/08/25 21:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Update
[2009/01/08 16:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/08/26 22:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ylodkfwf
[2012/03/11 13:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2010/03/30 20:15:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/11 18:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/10 07:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/12/19 17:52:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ACFC9F59-F1AE-43D2-8CFE-E2F1E0F82ABA}
[2011/12/28 16:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Any Flv Converter
[2012/06/30 10:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Babylon
[2013/03/28 22:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\BitTorrent
[2011/04/12 06:49:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\C0EFD9542FAA59F0DAA150FC22334505
[2011/08/21 11:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\calibre
[2010/11/21 15:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1
[2013/03/28 15:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\ControlCenter4
[2006/07/19 18:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\EBookSys
[2012/01/04 10:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\f-secure
[2006/08/10 08:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\fhnetwork.com
[2011/06/06 21:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\FreeAudioPack
[2006/09/06 19:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\funkitron
[2006/08/10 08:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\HotSync
[2006/06/11 11:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Leadertech
[2008/07/25 12:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\LEAPS
[2011/11/05 19:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\MAGIX
[2010/10/24 09:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\MoveFab
[2007/04/04 13:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape
[2012/03/11 13:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Nuance
[2008/06/27 17:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\NwDocx
[2009/05/18 18:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Opera
[2008/12/05 21:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Pegasys Inc
[2006/08/12 08:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\PlayFirst
[2011/12/19 17:53:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\searchquband
[2012/01/23 08:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\searchqutoolbar
[2008/08/22 08:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\TrojanHunter
[2012/06/17 11:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\TuneUpMedia
[2010/10/24 08:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Vso
[2008/03/28 17:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\W Photo Studio Viewer
[2007/07/17 09:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\WinBatch
[2012/02/06 20:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\WinPatrol
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2011/06/27 23:27:21 | 000,000,000 | ---D | M] -- C:\$AVG
[2006/11/15 04:01:05 | 000,000,000 | ---D | M] -- C:\21943d461b9bdeb59e6d
[2012/05/03 21:39:05 | 000,000,000 | ---D | M] -- C:\6510
[2012/02/06 21:18:32 | 000,000,000 | ---D | M] -- C:\AMD
[2010/11/13 08:55:57 | 000,000,000 | ---D | M] -- C:\ArcBackupDeviceInfo
[2013/03/28 15:38:22 | 000,000,000 | ---D | M] -- C:\Brother
[2010/09/29 06:47:15 | 000,000,000 | RHSD | M] -- C:\cmdcons
[2005/11/14 11:03:06 | 000,000,000 | ---D | M] -- C:\CMPNENTS
[2013/03/28 15:42:52 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2011/01/31 07:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings
[2006/09/03 10:07:04 | 000,000,000 | ---D | M] -- C:\games
[2006/07/03 19:50:14 | 000,000,000 | ---D | M] -- C:\hp
[2009/05/03 10:45:08 | 000,000,000 | ---D | M] -- C:\Hy-Sport
[2006/03/09 19:59:17 | 000,000,000 | ---D | M] -- C:\i386
[2007/06/29 15:13:20 | 000,000,000 | ---D | M] -- C:\internet
[2008/11/17 19:33:36 | 000,000,000 | ---D | M] -- C:\My Downloads
[2013/03/07 21:58:46 | 000,000,000 | ---D | M] -- C:\my music
[2008/02/23 22:41:02 | 000,000,000 | ---D | M] -- C:\New Folder
[2006/12/25 14:43:47 | 000,000,000 | ---D | M] -- C:\p's music
[2011/12/31 10:04:30 | 000,000,000 | ---D | M] -- C:\photos
[2013/03/29 10:02:18 | 000,000,000 | ---D | M] -- C:\Program Files
[2007/02/23 07:43:58 | 000,000,000 | ---D | M] -- C:\ProgramData
[2007/11/26 20:24:50 | 000,000,000 | ---D | M] -- C:\Python22
[2013/03/28 15:04:39 | 000,000,000 | ---D | M] -- C:\Qoobox
[2012/10/01 20:22:47 | 000,000,000 | ---D | M] -- C:\RaidTool
[2013/03/28 15:13:48 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2006/06/26 07:25:37 | 000,000,000 | ---D | M] -- C:\Rio
[2010/06/26 06:49:31 | 000,000,000 | ---D | M] -- C:\Rooter$
[2008/02/23 23:02:16 | 000,000,000 | ---D | M] -- C:\shared
[2012/09/22 23:42:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2006/03/09 19:47:59 | 000,000,000 | ---D | M] -- C:\system.sav
[2006/07/03 19:50:05 | 000,000,000 | ---D | M] -- C:\temp
[2011/05/01 09:50:45 | 000,000,000 | ---D | M] -- C:\tempMM
[2012/05/10 22:55:02 | 000,000,000 | ---D | M] -- C:\tfmeets
[2013/03/29 22:49:00 | 000,000,000 | ---D | M] -- C:\WINDOWS
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: LOCALAPPDATA
< %systemroot%\*. /mp /s >
< %windir%\installer\*. /5 >
[2013/03/27 11:36:01 | 000,000,000 | ---D | M] -- C:\WINDOWS\installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Invalid Environment Variable: localappdata
< MD5 for: SERVICES.EXE >
[2009/02/06 04:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 17:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 17:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\erdnt\cache\services.exe
[2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/09 14:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
< MD5 for: USER32.DLL >
[2005/03/02 11:19:56 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1800F293BCCC8EDE8A70E12B88D80036 -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2007/03/08 08:48:36 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=7AA4F6C00405DFC4B70ED4214E7D687B -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\erdnt\cache\user32.dll
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[2007/03/08 08:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
< End of report >
OTL Extras logfile created on: 3/29/2013 11:11:27 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.94 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 36.32% Memory free
4.18 Gb Paging File | 1.99 Gb Available in Paging File | 47.56% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.37 Gb Total Space | 16.35 Gb Free Space | 9.17% Space Free | Partition Type: NTFS
Drive D: | 7.91 Gb Total Space | 0.56 Gb Free Space | 7.08% Space Free | Partition Type: FAT32
Computer Name: HADDY | User Name: Compaq_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"54925:UDP" = 54925:UDP:*:Enabled:BrotherNetwork Scanner
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Disabled:Compaq Connections -- (Hewlett-Packard)
"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DSH -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\Brother\Brmfl10g\FAXRX.exe" = C:\Program Files\Brother\Brmfl10g\FAXRX.exe:*:Enabled:FAXRX.EXE -- (Brother Industries, Ltd.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}" = Adobe Audition 2.0
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}" = Brother MFL-Pro Suite MFC-J6510DW
"{17D1D0AC-CB9C-4273-A827-2D242460C6B5}" = FlipAlbum 5.0 Pro
"{190BF7E6-59C5-45E2-B9CE-E8E7245A5B4D}" = TMPGEnc Plus 2.5
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.5
"{1A995D22-F711-4199-83D4-579B593A46C5}" = TMPGEnc DVD Author 1.6
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java 6 Update 34
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2A780209-2A41-4C75-932A-F6F0390D430A}" = Adobe Photoshop CS2 Functional Content
"{2ECE7ECE-D15B-4999-8B8D-01C998F489D5}" = Adobe Encore DVD 2.0
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3C5F1B30-B10B-4579-86DD-D00F662E1033}" = Nero 8
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4545A088-CCEF-43C2-8840-B34B04594FA6}" = USB CDC Device Driver
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 1.0
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9B1B84-FEC0-46D5-BDB9-832565779422}" = CheckIt Diagnostics
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.091
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57922B53-02D4-4DFC-AC24-A3519DC1F49A}" = Adobe Premiere Pro FC
"{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
"{619B8475-0F48-41B7-A370-5147F7092989}" = Virtual Earth 3D (Beta)
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12
"{6C91041E-406E-C082-0D03-75D4BC9C6CB0}" = Picaboo X
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6EC0A77B-AFAF-4B9A-A2AF-412589CF5FF6}" = Eudora
"{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}" = PaperPort Image Printer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87FF0E39-8490-4EB4-A557-FF12F712EF7E}" = TurboTax 2010 wcaiper
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981405}" = SaveVid Plug-in
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{998AD896-5B25-466D-8D56-CC0CC9228A68}" = Adobe Audition 2.0 Loopology Content
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAB061B3-99A6-4EE5-93F4-6EB1F60295C4}" = Adobe Production Studio
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B74D4E10-0000-0000-0000-EDED00000102}" = Adobe ExtendScript Toolkit 1.0
"{B7607FC8-72AD-486D-B6B7-A402D5876309}" = PerfectDisk 11 Professional
"{B9242864-2841-4ADE-86E0-8F90F91B04DD}" = Logitech Gaming Software
"{B9273566-6E0A-4A87-AABB-08A0733ECE8E}" = MEET MANAGER 2.0 for Track & Field
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4186C0D-FB9F-5D83-21FB-A737A13EFAE6}" = AMD Catalyst Install Manager
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Seagate DiscWizard
"{C89269D9-DD02-45DD-99DD-6AE592F6C447}" = TurboTax 2011 wcaiper
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2095DFD-9022-4995-9A7A-CC9212837D29}" = calibre
"{D52ECEBC-9B20-41A5-81C4-A62DE2367419}" = Adobe Creative Suite
"{D7D38949-8251-4F07-BC2C-AA767308010B}" = TMPGEnc Authoring Works 4
"{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1" = HP Support Overview
"{DA15D535-5E1D-4076-B520-8571346D6238}" = Norton Security Scan
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DD362256-A7A2-4524-9457-213DDC2AFC2A}" = Adobe After Effects 7.0
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E722A962-E87D-CB6B-EB1E-27AD13D0F577}" = AMD Parental Control & Encoder
"{E7300AF3-DD5B-4E86-A291-7631BE0C62C7}" = Giganews Accelerator
"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EC1963C6-8EA9-40DF-8CD7-F63E174FCAEC}" = Adobe After Effects 7.0 Functional Content
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{EFD2807A-C66B-4C13-8FB8-42FCA6DEF171}" = TurboTax 2012 wcaiper
"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
"{F0E8F94D-6E68-4B35-92DF-3AA6DC6A6768}" = Safari
"{F5F5ABB8-87EA-47A7-8CC6-E68AFC2D3BC0}" = TMPGEnc Sound Player
"{F6F6C08A-ED6F-4968-8292-A08E9F02584F}" = Adobe Encore DVD FC
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{F97B750E-554D-4194-BF3F-41EA91389E10}" = ArcSoft TotalMedia Extreme
"{FA17A726-B229-4116-B793-A2AB1A4EAE2E}" = Adobe Premiere Pro 2.0
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FC5495CB-CDA5-4DCE-99DF-D1567DAF5A86}" = TMPGEnc 4.0 XPress
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"045C89A0-CA37-443C-8826-F750227DE69C" = Shooting Stars Pool from Compaq (remove only)
"05E21449-3BA3-42BF-BBDA-95205F4EA40A" = Polar Bowler from Compaq (remove only)
"0BD36D37-C5D7-4B96-B64A-CB2C3A82EC4D" = Zuma Deluxe from Compaq (remove only)
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"29FF6D07-4A15-41F1-9D5E-E0F3A58012C6" = Bounce Symphony from Compaq (remove only)
"3330A279-CC39-4A17-AE19-DA464B26AD9A" = Polar Golfer from Compaq (remove only)
"3B3B73D1-DC4A-4780-B0E4-E823D08B3397" = 5 Card Slingo from Compaq (remove only)
"422C7575-C10D-4795-87FA-9972765379E6" = Mah Jong Quest from Compaq (remove only)
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"52AEBC18-F252-4B0C-B3E1-724537D9F873" = Ricochet Lost Worlds from Compaq (remove only)
"53474592-01BC-4338-8647-FE350957D912" = Barnyard Invasion from Compaq (remove only)
"5AF1DD17-7B06-45EF-8592-2E524E458BAB" = Insaniquarium Deluxe from Compaq (remove only)
"63E4EC24-7173-4E1F-9C77-B4403CBCF91F" = Lemonade Tycoon 2 from Compaq (remove only)
"66195170-D19D-46C5-8FB7-8A4630071ADC" = Tradewinds from Compaq (remove only)
"75528D5F-DD82-402E-BA7C-045B7DC6A712" = Blasterball 2 from Compaq (remove only)
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2007
"85CF9BF3-1057-468C-962D-31BAABC6AC72" = FATE from Compaq (remove only)
"8D11F98B-4931-44F6-8FC6-971CCBBBB131" = Snowboard SuperJam from Compaq (remove only)
"9448DE42-C017-4A3E-A0BB-C50BF673E9E0" = Chuzzle Deluxe from Compaq (remove only)
"997DD523-B925-4C73-970B-C201E8F781AD" = AstroPop Deluxe from Compaq (remove only)
"9D7E7CDA-051E-4B0D-8CEE-58F41F449CF9" = Blasterball 2 Remix from Compaq (remove only)
"AC3ACM" = AC-3 ACM Codec
"Adobe AIR" = Adobe AIR
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"Allok 3GP PSP MP4 iPod Video Converter_is1" = Allok 3GP PSP MP4 iPod Video Converter 4.1.0422
"Allok Video Joiner_is1" = Allok Video Joiner 3.3.1116
"ATI Display Driver" = ATI Display Driver
"AutoGK" = Auto Gordian Knot 2.40
"AVI Joiner_is1" = AVI Joiner
"AVI Splitter_is1" = AVI Splitter
"Avi2Dvd" = Avi2Dvd 0.4.4 beta
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"AwayMode160" = Microsoft Away Mode
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BBCBAA5D-AC5A-4098-A53E-EC60A68F38F9" = Shrek 2 Ogre Bowler from Compaq (remove only)
"BBE9E0F3-11F7-4424-9905-8E0153E872C1" = Family Feud
"BFAF1EEC-E987-415B-BCB8-80CDB0BC6CDF" = Blackhawk Striker 2 from Compaq (remove only)
"BitTorrent" = BitTorrent
"C43D84CD-EBFC-48D3-A330-7868C8AD415A" = Crystal Maze from Compaq (remove only)
"C6D35CCA-3F9E-4B6E-A17F-409EE7379D6B" = Boggle Supreme from Compaq (remove only)
"CalorieKing Nutrition and Exercise Manager" = CalorieKing Nutrition and Exercise Manager (remove only)
"CalorieKing.com Diet Diary for PalmOS" = CalorieKing.com Diet Diary for PalmOS
"CCleaner" = CCleaner (remove only)
"com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1" = Picaboo X
"Coupon Companion" = Coupon Companion
"D84AC71A-75E8-4709-8BA5-4B46EAC00C5E" = Bejeweled 2 Deluxe from Compaq (remove only)
"DE87FA96-7840-420C-86F9-33F3B7B3CED1" = Super Granny from Compaq (remove only)
"DISCover" = DISCover
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8_is1" = DVDFab 8.0.2.2 (01/10/2010)
"DVDx_is1" = DVDx
"E1A0F769-A43A-4DDB-9F73-12791E453557" = Puzzle Express from Compaq (remove only)
"E618FC78-EE4F-4243-8409-078EB5E0B1F6" = Bookworm Deluxe from Compaq (remove only)
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"EsetOnlineScanner" = ESET Online Scanner
"exPressit S.E. 2.2" = exPressit S.E. 2.2
"F05A08BF-E600-4FBD-A53A-3D47296B1275" = Lexibox Deluxe from Compaq (remove only)
"F19E8CDF-5EFD-45E0-9FAF-66CBAE84B1D9" = Slingo Deluxe from Compaq (remove only)
"FA6A73EB-40AB-4B58-851D-3892B3C10EF6" = SCRABBLE from Compaq (remove only)
"FileHippo.com" = FileHippo.com Update Checker
"FLVPlayer" = FLV Player 1.3.3
"Forte Agent" = Forté Agent
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.95
"Free WMA MP3 Converter" = Free WMA MP3 Converter
"Google Chrome" = Google Chrome
"GSpot" = GSpot Codec Information Appliance
"HaaliMkx" = Haali Media Splitter
"HP Game Console" = HP Game Console and games
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Rhapsody" = HP Rhapsody
"HPOOVClient-5577497 Uninstaller" = Compaq Connections (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InFlac" = InFlac 1.1.1
"InstallShield_{190BF7E6-59C5-45E2-B9CE-E8E7245A5B4D}" = TMPGEnc Plus 2.5
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{4545A088-CCEF-43C2-8840-B34B04594FA6}" = USB CDC Device Driver
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"IsoBuster_is1" = IsoBuster 2.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Matroska Pack" = Matroska Pack
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Netscape Browser" = Netscape Browser (remove only)
"NetSight" = Nielsen
"Nike+ Connect" = Nike+ Connect
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Open Video Joiner_is1" = Open Video Joiner version 3.1
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.9
"PG-1-278" = MultiLane version 1.0
"Photo Viewer_is1" = Photo Viewer 2.4
"Photo2DVD Studio_is1" = Photo2DVD Studio Build 4.8.0.1
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 12.0" = RealPlayer
"SaveVid Plug-in" = SaveVid Plug-in
"SPSS for Windows 11.5" = SPSS 11.5 for Windows
"Sqirlz Morph" = Sqirlz Morph
"SubtitleCreator" = SubtitleCreator
"SugarSync" = SugarSync Manager
"TuneUpMedia" = TuneUp Companion 2.4.6.4
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"TurboTax 2011" = TurboTax 2011
"TurboTax 2012" = TurboTax 2012
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"TurboTax Premier 2007" = TurboTax Premier 2007
"Tweak UI 2.10" = Tweak UI
"Video Cleaner" = River Past Video Cleaner
"VLC media player" = VLC media player 2.0.1
"VobSub" = VobSub v2.23 (Remove Only)
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"WinAVIVideoConverter_is1" = WinAVIVideoConverter
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinMorph_is1" = WinMorph™ 3.01
"WinRAR archiver" = WinRAR 4.11 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"XviD_is1" = XviD 1.1 final uninstall
"XviD4PSP5_is1" = XviD4PSP 5.10.271.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 3/24/2013 6:54:26 PM | Computer Name = HADDY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/03/24 15:54:26.674]: [00003808]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.172]
Error - 3/24/2013 6:55:35 PM | Computer Name = HADDY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/03/24 15:55:35.674]: [00003808]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.172]
Error - 3/24/2013 6:59:02 PM | Computer Name = HADDY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/03/24 15:59:02.705]: [00003808]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.172]
Error - 3/24/2013 7:00:11 PM | Computer Name = HADDY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/03/24 16:00:11.721]: [00003808]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.172]
Error - 3/24/2013 7:01:20 PM | Computer Name = HADDY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/03/24 16:01:20.721]: [00003808]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.172]
Error - 3/24/2013 7:03:38 PM | Computer Name = HADDY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/03/24 16:03:38.737]: [00003808]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.172]
Error - 3/24/2013 7:04:47 PM | Computer Name = HADDY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/03/24 16:04:47.737]: [00003808]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.172]
Error - 3/24/2013 7:05:56 PM | Computer Name = HADDY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/03/24 16:05:56.737]: [00003808]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.172]
Error - 3/24/2013 7:07:05 PM | Computer Name = HADDY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/03/24 16:07:05.752]: [00003808]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.172]
Error - 3/24/2013 7:08:14 PM | Computer Name = HADDY | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/03/24 16:08:14.752]: [00003808]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.172]
[ System Events ]
Error - 3/28/2013 10:04:33 AM | Computer Name = HADDY | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.
Error - 3/29/2013 6:46:53 AM | Computer Name = HADDY | Source = Workstation | ID = 5727
Description = Could not load RDR device driver.
Error - 3/29/2013 6:46:53 AM | Computer Name = HADDY | Source = Workstation | ID = 5727
Description = Could not load RDR device driver.
Error - 3/29/2013 6:46:53 AM | Computer Name = HADDY | Source = Service Control Manager | ID = 7024
Description = The Workstation service terminated with service-specific error 2250
(0x8CA).
Error - 3/29/2013 6:46:53 AM | Computer Name = HADDY | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1066
Error - 3/29/2013 6:46:53 AM | Computer Name = HADDY | Source = Service Control Manager | ID = 7024
Description = The Workstation service terminated with service-specific error 2250
(0x8CA).
Error - 3/29/2013 6:46:53 AM | Computer Name = HADDY | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1066
Error - 3/29/2013 6:47:33 AM | Computer Name = HADDY | Source = Workstation | ID = 5727
Description = Could not load RDR device driver.
Error - 3/29/2013 6:47:33 AM | Computer Name = HADDY | Source = Service Control Manager | ID = 7024
Description = The Workstation service terminated with service-specific error 2250
(0x8CA).
Error - 3/29/2013 6:47:33 AM | Computer Name = HADDY | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1066
< End of report >
-
Here you go...
(I got an error that the post was too long. I tried posting the OTL.txt in this post and will post the Extras.txt in the next - but even that was too long. So, I'm splitting the OTL.txt in two parts - the first here and the rest at the start of the next post, right before the Extras.txt output.)
Thanks!
JF
OTL logfile created on: 3/29/2013 11:11:26 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.94 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 36.32% Memory free
4.18 Gb Paging File | 1.99 Gb Available in Paging File | 47.56% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.37 Gb Total Space | 16.35 Gb Free Space | 9.17% Space Free | Partition Type: NTFS
Drive D: | 7.91 Gb Total Space | 0.56 Gb Free Space | 7.08% Space Free | Partition Type: FAT32
Computer Name: HADDY | User Name: Compaq_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/03/29 23:10:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
PRC - [2013/01/24 01:06:40 | 011,184,480 | ---- | M] (SugarSync, Inc.) -- C:\Program Files\SugarSync\SugarSyncManager.exe
PRC - [2012/10/29 10:41:28 | 002,833,448 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
PRC - [2012/09/28 20:45:33 | 004,780,928 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/09/07 20:25:37 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/09/06 21:11:30 | 001,327,104 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCcUxSys.exe
PRC - [2012/09/06 21:06:14 | 000,393,216 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCtrlCntr.exe
PRC - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/05/19 17:14:19 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2012/02/24 05:49:52 | 000,093,504 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
PRC - [2011/06/28 09:48:38 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/27 11:04:06 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/15 15:18:04 | 000,066,824 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
PRC - [2011/03/15 15:18:00 | 001,570,056 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
PRC - [2011/03/15 15:17:46 | 001,475,848 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
PRC - [2010/12/19 11:16:51 | 000,139,264 | ---- | M] (SOURCENEXT) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2010/11/03 03:26:02 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/10/01 08:26:58 | 000,299,008 | ---- | M] (Nike) -- C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
PRC - [2010/08/25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/08/09 05:47:54 | 000,248,832 | ---- | M] (FileHippo.com) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
PRC - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\nero\Update\NASvc.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/09 00:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\pptd40nt.exe
PRC - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/03/05 20:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/10/16 18:42:54 | 000,904,840 | ---- | M] (Acronis) -- C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
PRC - [2009/10/16 18:39:32 | 000,136,544 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2009/10/16 18:39:28 | 000,431,456 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
PRC - [2009/10/16 18:37:22 | 001,325,936 | ---- | M] (Seagate) -- C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
PRC - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2009/05/05 16:06:02 | 001,152,288 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\agent.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/18 09:49:40 | 000,757,760 | ---- | M] (Giganews, Inc.) -- C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
PRC - [2006/03/09 20:33:38 | 000,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
PRC - [2005/11/11 14:11:12 | 000,237,568 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscGui.exe
PRC - [2005/11/11 14:11:04 | 001,064,960 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe
PRC - [2005/11/11 14:10:00 | 000,061,440 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdateMgr.exe
PRC - [2005/11/11 14:10:00 | 000,049,152 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe
PRC - [2005/11/01 03:01:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
PRC - [2005/08/02 17:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/02 17:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2003/05/15 01:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
========== Modules (No Company Name) ==========
MOD - [2013/03/28 15:49:34 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2013/03/28 15:49:33 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2013/02/14 04:12:07 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\024c898ad1ccfde466d033c0a08d0564\Microsoft.VisualBasic.ni.dll
MOD - [2013/02/14 04:11:08 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll
MOD - [2013/02/14 04:10:53 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll
MOD - [2013/02/14 04:07:24 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll
MOD - [2013/02/14 04:04:05 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2013/02/14 04:04:04 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/02/14 04:04:02 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2013/02/14 04:04:00 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2013/02/14 04:04:00 | 000,630,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2013/02/14 04:03:59 | 003,194,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2013/02/14 04:03:45 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2013/02/14 04:03:42 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013/02/14 04:03:41 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2013/02/14 04:03:35 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2013/01/09 04:19:22 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 04:19:15 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll
MOD - [2013/01/09 04:16:52 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013/01/09 04:16:34 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013/01/09 04:15:12 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/01/09 04:15:04 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2013/01/09 04:05:00 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_1e116300\mscorlib.dll
MOD - [2013/01/09 04:04:57 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_6ea43965\system.drawing.dll
MOD - [2013/01/09 04:04:51 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_0203b7a4\system.xml.dll
MOD - [2013/01/09 04:04:47 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_f63600c2\system.windows.forms.dll
MOD - [2013/01/09 04:04:39 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_b7aa3e59\system.dll
MOD - [2013/01/09 04:04:30 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2013/01/09 04:04:29 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2013/01/09 04:04:28 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2013/01/09 04:04:26 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2013/01/01 23:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/10/29 10:39:36 | 000,502,784 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\nsmmc.dll
MOD - [2012/10/29 10:36:12 | 000,753,664 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\npfirefoxprocessor.dll
MOD - [2012/10/29 10:35:06 | 000,224,768 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\npwmi.dll
MOD - [2012/10/29 10:34:50 | 000,228,864 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\npsurvey.dll
MOD - [2012/10/29 10:34:42 | 000,150,528 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\npsp1.dll
MOD - [2012/10/29 10:34:32 | 000,503,808 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter2\communication.dll
MOD - [2012/02/21 04:58:45 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d7fbfc6836ce7e53486ddb79b598ca8d\System.ServiceProcess.ni.dll
MOD - [2012/02/21 04:48:18 | 000,762,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\01e360ed3a3cb2b0a3c47c7f3eb09e58\System.Runtime.Remoting.ni.dll
MOD - [2012/02/21 04:48:11 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\47a2b7b2fa872de3078d49d0a4c10cb2\System.EnterpriseServices.ni.dll
MOD - [2012/02/21 04:48:07 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\c3a03bb69e38f5ed9ebce72d48a722ef\System.Transactions.ni.dll
MOD - [2012/02/21 04:41:12 | 013,137,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f28df9c2988724883cf19532d7f9f151\System.Windows.Forms.ni.dll
MOD - [2012/02/21 04:40:32 | 001,652,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\2ff57b810eb920860469184dd683cb8a\System.Drawing.ni.dll
MOD - [2012/02/21 04:39:08 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\97586cdb698c29ba95fd83e44a0c0ca6\System.Data.ni.dll
MOD - [2012/02/21 04:38:49 | 000,729,088 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\09ee8d91e80e00991226aec062aa1e92\System.Security.ni.dll
MOD - [2012/02/21 04:38:19 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll
MOD - [2012/02/21 04:38:10 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll
MOD - [2012/02/21 04:37:58 | 007,054,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll
MOD - [2012/02/21 04:37:45 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll
MOD - [2012/02/21 04:37:34 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
MOD - [2011/12/17 08:48:18 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/12/17 08:48:18 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2011/01/20 21:53:20 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/01/20 21:53:20 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/01/20 21:53:18 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/01/20 21:53:18 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/01/20 21:53:18 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/01/20 21:53:18 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/01/20 21:53:18 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2011/01/20 21:53:17 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/01/20 21:53:17 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/01/20 21:53:17 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/01/20 21:53:17 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2010/01/28 13:57:58 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010/01/27 22:16:47 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/01/27 22:16:47 | 000,403,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2010/01/27 22:16:46 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2010/01/27 22:16:45 | 000,046,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2010/01/27 22:16:44 | 000,419,616 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2010/01/27 22:16:44 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2010/01/27 22:16:43 | 000,270,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2010/01/27 22:16:42 | 000,121,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2010/01/27 22:16:42 | 000,120,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2010/01/27 22:16:42 | 000,070,432 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2009/10/16 17:59:30 | 001,328,480 | ---- | M] () -- C:\Program Files\Seagate\DiscWizard\fox.dll
MOD - [2009/03/07 11:36:53 | 000,047,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2009/03/07 11:36:53 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2009/03/07 11:36:52 | 000,402,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2009/03/07 11:36:52 | 000,130,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2009/03/07 11:36:52 | 000,120,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2009/03/07 11:36:52 | 000,072,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2009/02/28 11:30:08 | 001,058,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2009/02/28 11:30:07 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2009/02/28 11:30:05 | 000,238,368 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2009/02/28 11:20:54 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
MOD - [2009/02/28 11:20:53 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2009/02/28 11:20:50 | 000,458,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll
MOD - [2009/02/28 11:20:50 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll
MOD - [2009/02/28 11:20:50 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll
MOD - [2009/02/28 11:20:49 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 17:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/03/09 20:33:35 | 000,151,589 | ---- | M] () -- C:\Program Files\Compaq Connections\5577497\6.3.2.116-5577497\Program\bwfiles.dll
MOD - [2006/03/09 20:33:35 | 000,098,339 | ---- | M] () -- C:\Program Files\Compaq Connections\5577497\6.3.2.116-5577497\Program\FrExt.dll
MOD - [2006/03/09 20:33:35 | 000,061,496 | ---- | M] () -- C:\Program Files\Compaq Connections\5577497\6.3.2.116-5577497\Program\clntutil.dll
MOD - [2006/03/09 19:50:36 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2006/03/09 19:50:34 | 000,299,008 | ---- | M] () -- c:\windows\assembly\gac\microsoft.visualbasic\7.0.5000.0__b03f5f7f11d50a3a\microsoft.visualbasic.dll
MOD - [2006/03/09 19:50:33 | 000,573,440 | ---- | M] () -- c:\windows\assembly\gac\system.web.services\1.0.5000.0__b03f5f7f11d50a3a\system.web.services.dll
MOD - [2005/12/15 06:33:48 | 000,126,976 | ---- | M] () -- C:\Program Files\Compaq Connections\5577497\Program\HPClientExt.dll
========== Services (SafeList) ==========
SRV - [2013/03/12 13:33:14 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/07 20:29:07 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/29 10:41:28 | 002,833,448 | ---- | M] (The Nielsen Company) [Auto | Running] -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe -- (NielsenUpdate)
SRV - [2012/09/07 20:25:37 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/06/05 15:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2011/06/28 09:48:38 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 11:04:06 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/15 15:18:00 | 001,570,056 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV - [2011/03/15 15:17:46 | 001,475,848 | ---- | M] (Raxco Software, Inc.) [On_Demand | Running] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
SRV - [2010/12/19 11:16:51 | 000,139,264 | ---- | M] (SOURCENEXT) [Auto | Running] -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/07/05 10:05:17 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2009/10/16 18:39:28 | 000,431,456 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005/08/02 17:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2003/10/13 16:24:14 | 000,061,440 | ---- | M] (Adobe Sytems) [On_Demand | Stopped] -- C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe -- (AdobeVersionCue)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\nielprt.sys -- (nielprt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nielgfx.sys -- (NielGfx)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\AVGIDSShim.Sys -- (AVGIDSShim)
DRV - [2012/10/01 21:00:24 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2012/10/01 21:00:24 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2012/10/01 21:00:20 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2012/10/01 21:00:15 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2012/03/20 17:23:38 | 000,010,368 | ---- | M] (The Nielsen Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\km_filter.sys -- (km_filter)
DRV - [2012/03/20 17:23:26 | 000,015,360 | ---- | M] (The Nielsen Company) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\nnrnstdi.sys -- (nnrnstdi)
DRV - [2011/10/08 20:25:40 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/10/08 20:25:40 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/06/28 09:48:40 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/28 09:48:40 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/12/19 11:16:52 | 000,038,944 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2010/09/07 03:37:14 | 000,104,024 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2010/08/27 20:27:21 | 000,135,184 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2010/07/05 07:42:24 | 000,008,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\VCdRom.sys -- (vcdrom)
DRV - [2010/04/01 11:40:36 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/11/03 03:06:12 | 000,071,424 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2009/11/03 03:06:12 | 000,011,520 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/11/06 14:22:00 | 000,036,224 | ---- | M] (ArcSoft Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ArcCD.sys -- (ArcCD)
DRV - [2007/09/17 19:28:58 | 000,010,240 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\softctrl.sys -- (softctrl)
DRV - [2007/05/03 14:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/04/25 09:55:02 | 000,134,912 | ---- | M] (ArcSoft Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ArcUdfs.sys -- (ArcUdfs)
DRV - [2007/04/24 12:33:50 | 000,007,680 | ---- | M] (ArcSoft Inc.) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\ArcRec.sys -- (ArcRec)
DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/11/02 16:47:26 | 000,010,368 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2005/10/20 09:01:56 | 001,095,009 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/09/30 04:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/08/29 08:11:00 | 003,644,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2005/08/13 14:35:00 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/09 06:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/03 07:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/04/14 11:08:00 | 000,044,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/04/14 11:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2004/04/14 11:08:00 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2004/04/14 11:08:00 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2003/11/11 09:34:00 | 000,022,891 | ---- | M] (Matsushita Electric Industorial Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\meistb.sys -- (MEITUNER)
DRV - [2003/11/11 09:33:54 | 000,013,195 | ---- | M] (Matsushita Electric Industorial Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\meistrm.sys -- (MEISTRM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=405&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = BC 2F B8 14 0E 65 E6 4E A2 19 D1 9D 0C 50 61 2F [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=405&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://espn.go.com/"
FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0034-ABCDEFFEDCBA%7D:6.0.34
FF - prefs.js..extensions.enabledAddons: crossriderapp4493%40crossrider.com:0.91.83
FF - prefs.js..extensions.enabledAddons: netsight%40nielsen.com:2.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: tab@search.com:1.0
FF - prefs.js..extensions.enabledItems: {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_34: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@nielsen/FirefoxTracker: C:\Program Files\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\npfirefoxtracker.dll (Nielsen)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\netsight@nielsen.com: C:\Program Files\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\netsight@nielsen.xpi [2013/03/28 15:49:44 | 000,008,039 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/07 20:29:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/07 20:28:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}: C:\WINDOWS\system32\5005 [2010/09/24 06:29:39 | 000,000,000 | ---D | M]
[2011/12/19 17:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions
[2013/03/13 06:29:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions
[2010/12/10 17:59:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/19 17:52:48 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2013/01/31 20:50:58 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/10/29 20:40:36 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2013/03/13 06:29:18 | 000,000,000 | ---D | M] ("Coupon Companion") -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\crossriderapp4493@crossrider.com
[2009/08/28 06:31:03 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\moveplayer@movenetworks.com
[2010/08/25 12:34:03 | 000,000,000 | ---D | M] (tab-search) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\tab@search.com
[2012/02/06 21:47:59 | 000,000,000 | ---D | M] (Nero Toolbar) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\toolbar@ask.com
[2013/03/13 06:29:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\crossriderapp4493@crossrider.com\chrome\content\extensionCode
[2013/02/21 21:52:28 | 000,021,487 | ---- | M] () (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\plugin@yontoo.com.xpi
[2013/02/14 18:30:58 | 000,817,280 | ---- | M] () (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/12/19 17:52:21 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\searchplugins\SearchResults.xml
[2013/03/25 16:24:37 | 000,002,112 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\searchplugins\wot-safe-search.xml
[2013/03/07 20:28:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/07 20:28:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2012/08/16 06:39:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2013/03/28 15:49:44 | 000,008,039 | ---- | M] () (No name found) -- C:\PROGRAM FILES\NETRATINGSNETSIGHT\NETSIGHT\METER2\FIREFOXADDONS\NETSIGHT@NIELSEN.XPI
[2013/03/07 20:29:08 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/12/09 03:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/08/30 22:18:35 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/19 17:52:21 | 000,002,497 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2013/02/27 00:09:40 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: getPlusPlus for Adobe 16248 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 6 U34 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Nielsen FirefoxTracker Plug-in (Enabled) = C:\Program Files\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\npfirefoxtracker.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 6.0.340.4 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Nielsen = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jgceplfonlgodadnpognljgdjlcnpjnh\1.7.3_0\
CHR - Extension: FVD Video Downloader = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.0.1_0\
CHR - Extension: Coupon Companion = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm\1.21.47_0\crossrider
CHR - Extension: Coupon Companion = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm\1.21.47_0\
CHR - Extension: Gmail = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2013/03/28 14:44:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [brStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)
O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DISCUpdateMgr.exe (Digital Interactive Systems Corporation, Inc.)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [indexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
O4 - HKLM..\Run: [Nike+ Connect] C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [iSUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [sugarSync] C:\Program Files\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2011/12/15 07:58:35 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Giganews Accelerator.lnk = C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe (Giganews, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AntiVirusDisableNotify =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UpdatesDisableNotify =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: FirewallDisableNotify =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O8 - Extra context menu item: Save video on Savevid.com - C:\Program Files\Savevid\redirect.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} http://zone.msn.com/bingame/pacz/default/pandaonline.cab (Reg Error: Key error.)
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} http://sympatico.zone.msn.com/bingame/rock/default/popcaploader1.cab (Reg Error: Key error.)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/bingame/chnz/default/mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab (ZoneAxRcMgr Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab (ZoneIntro Class)
O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://zone.msn.com/bingame/gold/UnSkin/gf.cab (TikGames Online Control)
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab (SCEWebLauncherCtl Object)
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} http://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.87.cab (CPlayFirstDinerDashControl Object)
O16 - DPF: vzTCPConfig http://my.verizon.com/micro/speedoptimizer/hsi/vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68ABC49C-2AAA-455E-B332-0CE29F0E8C0C}: DhcpNameServer = 192.168.1.1 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\internet\eudora\EuShlExt.dll (Qualcomm Inc.)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/30 14:02:02 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (pdboot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0DC86ADC-4963-4060-87E9-7AA2EF508661} - Themes Setup
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {14F4D1F6-79E4-4256-A10B-3CCD138698C6} - Microsoft .NET Framework 1.0 Hotfix (KB2656378)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29A43E48-B726-47B6-9EAC-AA2B7B48E133} - Microsoft .NET Framework 1.0 Security Update (KB2698035)
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F7F0BDC-9111-406E-FBE6-8ECC610757BC} - NetShow
ActiveX: {339E9413-F230-4F0F-ADDD-17914D95FD6D} - Microsoft .NET Framework 1.0 Hotfix (KB2604042)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4F00D11B-8327-4C55-B7DA-B8D8C10F28A8} - Microsoft .NET Framework 1.0 Hotfix (KB2572066)
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6C298884-91FD-408C-9D90-5A59D2C29FD1} - Microsoft .NET Framework 1.1 Security Update (KB2742597)
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8BF1B8CD-9A6C-4382-A454-CC769B913F48} - Microsoft .NET Framework 1.0 Hotfix (KB2656378)
ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {DE895E98-54B2-4180-91E1-7A0020EDF577} - Microsoft .NET Framework 1.0 Security Update (KB2742607)
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: AutorunsDisabled -
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: mrobeservice - File not found
NetSvcs: sddmi2 - File not found
NetSvcs: symndis - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013/03/29 23:10:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2013/03/28 15:48:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\ControlCenter4
[2013/03/28 15:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Brother
[2013/03/28 15:38:22 | 000,000,000 | ---D | C] -- C:\Brother
[2013/03/28 15:38:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ControlCenter4
[2013/03/28 15:38:17 | 000,000,000 | ---D | C] -- C:\Program Files\Browny02
[2013/03/28 15:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\ControlCenter4
[2013/03/28 15:37:57 | 000,225,280 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrfxD05c.dll
[2013/03/28 15:36:39 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2L.dll
[2013/03/28 15:36:38 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2.dll
[2013/03/28 15:36:38 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2S.dll
[2013/03/28 15:36:38 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
[2013/03/28 15:13:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/03/28 14:13:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/03/28 14:13:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/03/28 14:13:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/03/28 14:13:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/03/28 14:13:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/28 14:10:12 | 005,044,813 | R--- | C] (Swearware) -- C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
[2013/03/27 11:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2013/03/22 13:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/03/07 21:09:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2013/03/07 21:08:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/03/07 20:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/10/24 08:52:28 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Compaq_Administrator\Application Data\pcouffin.sys
========== Files - Modified Within 30 Days ==========
[2013/03/29 23:10:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2013/03/29 22:32:07 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/29 14:50:02 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_Compaq_Administrator.job
[2013/03/28 16:15:21 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/03/28 16:15:20 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/28 15:52:19 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2013/03/28 15:48:02 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/28 15:47:02 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_Compaq_Administrator.job
[2013/03/28 15:46:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/28 15:46:48 | 3152,596,992 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/28 15:39:38 | 000,001,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Brother Creative Center.lnk
[2013/03/28 15:39:18 | 000,000,249 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini
[2013/03/28 15:39:18 | 000,000,065 | ---- | M] () -- C:\WINDOWS\brpcfx.ini
[2013/03/28 15:38:22 | 000,000,086 | ---- | M] () -- C:\WINDOWS\Brfaxrx.ini
[2013/03/28 14:44:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/03/28 14:10:23 | 005,044,813 | R--- | M] (Swearware) -- C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
[2013/03/28 11:21:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/03/28 10:49:03 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_Compaq_Administrator.job
[2013/03/27 11:59:11 | 027,407,622 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Drew Dudley Leading with Lollipops (480).mp4
[2013/03/27 11:58:31 | 104,376,597 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\TEDxToronto - Drew Dudley Leading with Lollipops.mp4
[2013/03/13 03:02:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/03/08 07:31:12 | 000,501,923 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Campus_Map.pdf
========== Files Created - No Company Name ==========
[2013/03/28 15:39:38 | 000,001,789 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Brother Creative Center.lnk
[2013/03/28 15:38:04 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2013/03/28 15:37:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2013/03/28 14:13:19 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/03/28 14:13:19 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/03/28 14:13:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/03/28 14:13:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/03/28 14:13:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/03/27 11:59:11 | 027,407,622 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Drew Dudley Leading with Lollipops (480).mp4
[2013/03/27 11:58:31 | 104,376,597 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\TEDxToronto - Drew Dudley Leading with Lollipops.mp4
[2013/03/20 14:38:01 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_Compaq_Administrator.job
[2013/03/20 14:38:00 | 000,000,466 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_Compaq_Administrator.job
[2013/03/20 14:38:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_Compaq_Administrator.job
[2013/03/08 07:31:12 | 000,501,923 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Campus_Map.pdf
[2012/04/02 12:36:49 | 000,002,944 | ---- | C] () -- C:\WINDOWS\BRPARAM.INI
[2012/04/02 11:27:05 | 001,527,650 | ---- | C] () -- C:\WINDOWS\System32\fftw3.dll
[2012/03/15 06:40:59 | 000,000,249 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2012/03/15 06:40:59 | 000,000,065 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2012/03/11 13:16:18 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2012/03/11 13:16:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2012/02/21 05:00:54 | 001,263,186 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2684078581-1939207485-826778432-1008-0.dat
[2012/02/21 05:00:39 | 000,273,746 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/20 10:15:43 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/15 08:28:12 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/11 00:25:48 | 000,018,066 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\uyy2qb2nixeuy64x76lad14
[2012/01/11 00:25:48 | 000,018,066 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\uyy2qb2nixeuy64x76lad14
[2012/01/09 18:01:34 | 000,016,500 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\036c1j4g1820
[2012/01/09 18:01:34 | 000,016,500 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\036c1j4g1820
[2011/12/23 12:25:16 | 000,016,392 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\4727uy07g8m3s12g7my1iy4678gag730
[2011/12/23 12:25:16 | 000,016,392 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4727uy07g8m3s12g7my1iy4678gag730
[2011/07/29 08:29:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\defogger_reenable
[2011/05/11 18:40:35 | 000,017,670 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\6lr8qybjn13oh6xyp8ivrd2x86m5wp
[2011/05/11 18:40:35 | 000,017,670 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6lr8qybjn13oh6xyp8ivrd2x86m5wp
[2011/03/31 21:51:18 | 000,014,914 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\40l3j85ka67376pv1f77tn526lmm2dsbdnf12x4o
[2011/03/31 21:51:18 | 000,014,914 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\40l3j85ka67376pv1f77tn526lmm2dsbdnf12x4o
[2011/03/10 20:27:12 | 000,012,608 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\267464291
[2010/10/24 08:52:29 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\pcouffin.cat
[2010/10/24 08:52:28 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\pcouffin.inf
[2008/10/09 11:04:27 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\default.pls
[2008/10/05 17:01:04 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\.rnd
[2007/01/27 17:32:35 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\AutoGK.ini
[2006/06/12 08:00:42 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/11 08:13:54 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\fusioncache.dat
========== ZeroAccess Check ==========
[2010/12/09 08:15:09 | 000,002,048 | -HS- | M] () -- C:\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
[2010/12/09 08:15:09 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L
[2012/08/28 06:25:49 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U
[2010/12/09 08:15:09 | 000,002,048 | -HS- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
[2010/12/09 08:15:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L
[2010/12/09 08:15:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U
[2005/08/30 13:58:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
-
Thanks for the help with the infection.
You said that you had a tool for my SD card that will unhide all of my files?
-
Sorry about that. I'm pasting the combofix log at the bottom.
For the most part, my computer has been fine. I had some issues a year or so ago, but now my only complaint is that it runs a little slow and the internet connection isn't as fast as it used to be - but my computer is at least 6 years old, so some of that is to be expected. The one major problem that I have is (and I don't know if that is related at all) I can't get my printer to install. All of the other computers in my house were able to load the drivers, but when I try to install it on this computer I keep getting an error message that says it can't connect to the printer so the driver never finishes the installation. I have tried it directly connecting to the printer via a USB cable and also over the wireless network in the house and neither worked. After running combofix, I tried the installation again, hoping that it would work - but it's still not working.
Thanks,
JF
ComboFix 13-03-28.01 - Compaq_Administrator 03/28/2013 14:25:59.14.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3006.2378 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\267464291
c:\documents and settings\Compaq_Administrator\Application Data\2bec9f61
c:\documents and settings\Compaq_Administrator\Application Data\a3949061
c:\documents and settings\Compaq_Administrator\Application Data\cb31609e
c:\documents and settings\Compaq_Administrator\Application Data\dc94e89b
c:\windows\$NtUninstallKB62280$
c:\windows\$NtUninstallKB62280$\1655913888
c:\windows\$NtUninstallKB62280$\485945278\@
c:\windows\$NtUninstallKB62280$\485945278\cfg.ini
c:\windows\$NtUninstallKB62280$\485945278\Desktop.ini
c:\windows\$NtUninstallKB62280$\485945278\L\aqaeidou
c:\windows\$NtUninstallKB62280$\485945278\U\00000001.@
c:\windows\$NtUninstallKB62280$\485945278\U\00000002.@
c:\windows\$NtUninstallKB62280$\485945278\U\00000004.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000000.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000004.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000032.@
c:\windows\$NtUninstallKB62280$\485945278\version
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-02-28 to 2013-03-28 )))))))))))))))))))))))))))))))
.
.
2013-03-08 04:08 . 2013-03-08 04:09 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-12 20:33 . 2012-05-20 22:23 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-12 20:33 . 2011-06-05 01:09 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-12 00:32 . 2009-01-07 03:38 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-09 21:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 20:05 . 2004-08-09 21:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05 . 2004-08-09 21:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05 . 2004-08-09 21:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53 . 2004-08-09 21:00 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2004-08-09 21:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-14 16:48 . 2013-01-14 16:48 10 ----a-w- c:\windows\Fonts\wfonts.key
2013-01-07 01:19 . 2004-08-10 04:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37 . 2004-08-10 04:00 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2004-08-09 21:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2004-08-09 21:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2013-03-08 03:29 . 2013-03-08 03:28 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2013-01-24 08:02 383328 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2013-01-24 08:02 383328 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2013-01-24 08:02 383328 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2013-01-24 08:02 383328 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-29 4780928]
"SugarSync"="c:\program files\SugarSync\SugarSyncManager.exe" [2013-01-24 11184480]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Nike+ Connect"="c:\program files\Nike\Nike+ Connect\Nike+ Connect daemon.exe" [2010-10-01 299008]
"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-11-11 61440]
"DISCover"="c:\program files\DISC\DISCover.exe" [2005-11-11 1064960]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2011-04-21 139264]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"NielsenOnline"="c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2012-02-24 93504]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2010-09-07 1976920]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2009-10-17 1325936]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2009-10-17 904840]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-10-17 136544]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2012-05-20 198160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-6-11 110592]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-6-11 110592]
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-3-9 36903]
Giganews Accelerator.lnk - c:\program files\Giganews Accelerator\GiganewsAccelerator.exe [2007-12-18 757760]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
TotalMedia BackUp & Recorder Monitor.lnk - c:\program files\ArcSoft\TotalMedia Extreme\BackUp & Recorder\uBBMonitor.exe [2010-11-11 286720]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-3-9 27136]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\internet\eudora\EuShlExt.dll" [2005-11-14 86016]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-10-09 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ pdboot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [8/25/2012 1:56 PM 15360]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/29/2008 4:03 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 4:03 PM 67664]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\VCdRom.sys [7/5/2010 9:57 AM 8576]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/3/2010 10:50 AM 116608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/27/2010 7:57 PM 136360]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [8/27/2009 5:09 PM 1253376]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/23/2012 1:37 PM 13672]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\nero\Update\NASvc.exe [5/4/2010 1:07 PM 503080]
R2 NielsenUpdate;Nielsen Update;c:\program files\NetRatingsNetSight\NetSight\NielsenUpdate.exe [8/25/2012 1:50 PM 2833448]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [3/9/2010 12:40 AM 144672]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [10/16/2009 6:39 PM 431456]
R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [11/11/2010 12:54 PM 36224]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [3/15/2012 6:39 AM 245760]
R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [8/25/2012 1:56 PM 10368]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/24/2010 8:52 AM 47360]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
S3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [3/11/2012 1:08 PM 71424]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSib.sys [3/11/2012 1:08 PM 11520]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [8/7/2008 11:10 AM 3276800]
S3 MEISTRM;MEI AVC Streaming Filter Driver;c:\windows\system32\drivers\meistrm.sys [11/11/2003 9:33 AM 13195]
S3 MEITUNER;FireBus MPEG2TS Tuner Subunit Device;c:\windows\system32\drivers\meistb.sys [11/11/2003 9:34 AM 22891]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 12872]
S3 softctrl;Software Flow Control Driver;c:\windows\system32\drivers\softctrl.sys [9/17/2007 7:28 PM 10240]
S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [11/11/2010 12:54 PM 134912]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - ArcRec
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
mrobeservice
sddmi2
symndis
vga
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-03-17 21:14 451872 -c--a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-14 18:30 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-20 20:33]
.
2013-03-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 19:34]
.
2013-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-15 05:35]
.
2013-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-15 05:35]
.
2013-03-28 c:\windows\Tasks\ReclaimerUpdateFiles_Compaq_Administrator.job
- c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-20 18:36]
.
2013-03-28 c:\windows\Tasks\ReclaimerUpdateXML_Compaq_Administrator.job
- c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-20 18:36]
.
2013-03-28 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Compaq_Administrator.job
- c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-20 18:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://espn.go.com/
uInternet Settings,ProxyOverride = <local>;*.local
IE: Open with PDF Viewer Plus - c:\program files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Save video on Savevid.com - c:\program files\Savevid\redirect.htm
TCP: DhcpNameServer = 192.168.1.1 4.2.2.2
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/hsi/vzTCPConfig.CAB
FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://espn.go.com/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-02-02 19:07; crossriderapp4493@crossrider.com; c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\w95kl63c.default\extensions\crossriderapp4493@crossrider.com
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-WinPatrol - c:\program files\BillP Studios\WinPatrol\winpatrol.exe
MSConfigStartUp-CTFMON - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-28 14:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|ù•Ôw*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•Ôw*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1060)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(1116)
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(2920)
c:\windows\system32\WININET.dll
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\program files\SugarSync\SugarSyncShellExt.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\NetRatingsNetSight\NetSight\nsmmc.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\brss01a.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\ARPWRMSG.EXE
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\ControlCenter4\BrCtrlCntr.exe
c:\program files\ControlCenter4\BrCcUxSys.exe
c:\program files\Raxco\PerfectDisk\PDEngine.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\DISC\DiscStreamHub.exe
c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\agent.exe
c:\windows\ALCXMNTR.EXE
.
**************************************************************************
.
Completion time: 2013-03-28 15:04:34 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-28 22:04
ComboFix2.txt 2012-02-06 03:15
.
Pre-Run: 14,615,588,864 bytes free
Post-Run: 18,859,630,592 bytes free
.
- - End Of File - - 3E574BFCF36F1D9F53B3EC7AE3370C90
-
Right now nothing is showing up on the SD card. It all disappeared when it got infected, and even after running the virus scan and deleting those new folders they haven't reappeared.
Attached is the ComboFix log. When it was running, a message popped up 'You are infected with Rootkit.ZeroAccess! It has inserted itself into the tcp/ip stack.' I am assuming that ComboFix got rid of it, and I didn't have any problem accessing the internet like the message said I might.
Thanks!
JF
-
I deleted the files that were added by the infection - but I still can't see all of the files/folders that are supposed to be there. The output from look.bat says that those files are on the card, but they are hidden for some reason.
And, attached are the two output files from dds.
Thanks,
JF
-
N:\84612795 is not appearing when I look at the folder through Windows Explorer. I checked the properties on the other files and they all had the same target: F:\siuon.scr
The F drive is the other drive that pops up when the camera is loaded. It seems to include the media software for the camera (the drive appears with the label ArcSoft SW).
And to answer your question - you are correct, all of the files that you listed were not created by me. And the RECYCLER folder is also something that wasn't there before the infection.
Thanks,
JF
-
Here is the output. FYI - the N:\DCIM, N:\MISC and all of the files in the DCIM\100SPORT folder are what should be there - but those aren't appearing when I open the drive in Windows Explorer. The RECYCLER and the other .lnk files are the ones that popped up when it got infected.
And... thanks for helping me out with this problem.
JF
N:\DCIM
N:\MISC
N:\RECYCLER
N:\New Folder.lnk
N:\Passwords.lnk
N:\Documents.lnk
N:\Pictures.lnk
N:\Music.lnk
N:\Video.lnk
N:\84612795
N:\look.bat
N:\look.txt
N:\DCIM\100SPORT
N:\DCIM\100SPORT\100_0732.MOV
N:\DCIM\100SPORT\100_0733.JPG
N:\DCIM\100SPORT\100_0734.JPG
N:\DCIM\100SPORT\100_0735.JPG
N:\DCIM\100SPORT\100_0736.JPG
N:\DCIM\100SPORT\100_0737.JPG
N:\DCIM\100SPORT\100_0738.JPG
N:\DCIM\100SPORT\100_0739.JPG
N:\DCIM\100SPORT\100_0740.JPG
N:\DCIM\100SPORT\100_0741.JPG
N:\DCIM\100SPORT\100_0742.JPG
N:\DCIM\100SPORT\100_0743.JPG
N:\DCIM\100SPORT\100_0744.JPG
N:\DCIM\100SPORT\100_0745.JPG
N:\DCIM\100SPORT\100_0746.JPG
N:\DCIM\100SPORT\100_0747.JPG
N:\DCIM\100SPORT\100_0748.JPG
N:\DCIM\100SPORT\100_0749.JPG
N:\DCIM\100SPORT\100_0750.JPG
N:\DCIM\100SPORT\100_0751.JPG
N:\DCIM\100SPORT\100_0752.JPG
N:\DCIM\100SPORT\100_0753.JPG
N:\DCIM\100SPORT\100_0754.JPG
N:\DCIM\100SPORT\100_0755.JPG
N:\DCIM\100SPORT\100_0756.JPG
N:\DCIM\100SPORT\100_0757.JPG
N:\DCIM\100SPORT\100_0758.JPG
N:\DCIM\100SPORT\100_0759.JPG
N:\DCIM\100SPORT\100_0760.JPG
N:\DCIM\100SPORT\100_0761.JPG
N:\DCIM\100SPORT\100_0762.JPG
N:\DCIM\100SPORT\100_0763.JPG
N:\DCIM\100SPORT\100_0764.JPG
N:\DCIM\100SPORT\100_0765.JPG
N:\DCIM\100SPORT\100_0766.JPG
N:\DCIM\100SPORT\100_0767.JPG
N:\DCIM\100SPORT\100_0768.JPG
N:\DCIM\100SPORT\100_0769.JPG
N:\DCIM\100SPORT\100_0770.JPG
N:\DCIM\100SPORT\100_0771.JPG
N:\DCIM\100SPORT\100_0772.JPG
N:\DCIM\100SPORT\100_0773.MOV
N:\DCIM\100SPORT\100_0774.MOV
N:\DCIM\100SPORT\100_0775.MOV
N:\DCIM\100SPORT\100_0776.MOV
N:\DCIM\100SPORT\100_0777.MOV
N:\DCIM\100SPORT\100_0778.MOV
N:\DCIM\100SPORT\100_0779.MOV
N:\DCIM\100SPORT\100_0780.MOV
N:\DCIM\100SPORT\100_0781.MOV
N:\DCIM\100SPORT\100_0782.MOV
N:\DCIM\100SPORT\100_0783.MOV
N:\DCIM\100SPORT\100_0784.MOV
N:\DCIM\100SPORT\100_0785.MOV
N:\DCIM\100SPORT\100_0786.MOV
N:\DCIM\100SPORT\100_0787.MOV
N:\DCIM\100SPORT\100_0788.MOV
N:\DCIM\100SPORT\100_0789.MOV
N:\DCIM\100SPORT\100_0790.MOV
N:\DCIM\100SPORT\100_0791.MOV
N:\DCIM\100SPORT\100_0792.MOV
N:\DCIM\100SPORT\100_0793.MOV
N:\DCIM\100SPORT\100_0794.MOV
N:\DCIM\100SPORT\100_0795.MOV
N:\DCIM\100SPORT\100_0796.MOV
N:\DCIM\100SPORT\100_0797.MOV
N:\DCIM\100SPORT\100_0798.MOV
N:\DCIM\100SPORT\100_0799.MOV
N:\DCIM\100SPORT\100_0800.MOV
N:\DCIM\100SPORT\100_0801.MOV
N:\DCIM\100SPORT\100_0802.MOV
N:\DCIM\100SPORT\100_0803.JPG
N:\DCIM\100SPORT\100_0804.JPG
N:\DCIM\100SPORT\100_0805.JPG
N:\DCIM\100SPORT\100_0806.JPG
N:\DCIM\100SPORT\100_0807.JPG
N:\DCIM\100SPORT\100_0808.JPG
N:\DCIM\100SPORT\100_0809.JPG
N:\DCIM\100SPORT\100_0810.JPG
N:\DCIM\100SPORT\100_0811.JPG
N:\DCIM\100SPORT\100_0812.JPG
N:\DCIM\100SPORT\100_0813.JPG
N:\DCIM\100SPORT\100_0814.JPG
N:\DCIM\100SPORT\100_0815.JPG
N:\DCIM\100SPORT\100_0816.JPG
N:\DCIM\100SPORT\100_0817.JPG
N:\DCIM\100SPORT\100_0818.JPG
N:\DCIM\100SPORT\100_0819.JPG
N:\DCIM\100SPORT\100_0820.JPG
N:\DCIM\100SPORT\100_0821.JPG
N:\DCIM\100SPORT\100_0822.JPG
N:\DCIM\100SPORT\100_0823.JPG
N:\DCIM\100SPORT\100_0824.MOV
N:\DCIM\100SPORT\100_0825.JPG
N:\DCIM\100SPORT\100_0826.JPG
N:\DCIM\100SPORT\100_0827.JPG
N:\DCIM\100SPORT\100_0828.JPG
N:\DCIM\100SPORT\100_0829.JPG
N:\DCIM\100SPORT\100_0830.JPG
N:\DCIM\100SPORT\100_0831.JPG
N:\DCIM\100SPORT\100_0832.JPG
N:\DCIM\100SPORT\100_0833.JPG
N:\DCIM\100SPORT\100_0834.MOV
N:\DCIM\100SPORT\100_0835.MOV
N:\DCIM\100SPORT\100_0836.MOV
N:\DCIM\100SPORT\100_0837.MOV
N:\DCIM\100SPORT\100_0838.JPG
N:\DCIM\100SPORT\100_0839.MOV
N:\DCIM\100SPORT\100_0840.MOV
N:\DCIM\100SPORT\100_0841.MOV
N:\DCIM\100SPORT\100_0842.MOV
N:\DCIM\100SPORT\100_0843.MOV
N:\DCIM\100SPORT\100_0844.MOV
N:\DCIM\100SPORT\100_0845.JPG
N:\DCIM\100SPORT\100_0846.JPG
N:\DCIM\100SPORT\100_0847.JPG
N:\DCIM\100SPORT\100_0848.JPG
N:\DCIM\100SPORT\100_0849.JPG
N:\DCIM\100SPORT\100_0850.MOV
N:\DCIM\100SPORT\100_0851.JPG
N:\DCIM\100SPORT\100_0852.JPG
N:\DCIM\100SPORT\100_0853.JPG
N:\DCIM\100SPORT\100_0854.MOV
N:\DCIM\100SPORT\100_0855.MOV
N:\DCIM\100SPORT\100_0856.JPG
N:\DCIM\100SPORT\100_0857.JPG
N:\DCIM\100SPORT\100_0858.JPG
N:\DCIM\100SPORT\100_0859.JPG
N:\DCIM\100SPORT\100_0860.JPG
N:\DCIM\100SPORT\100_0861.JPG
N:\DCIM\100SPORT\100_0862.JPG
N:\DCIM\100SPORT\100_0863.MOV
N:\DCIM\100SPORT\100_0864.JPG
N:\DCIM\100SPORT\100_0865.JPG
N:\DCIM\100SPORT\100_0866.JPG
N:\DCIM\100SPORT\100_0867.JPG
N:\DCIM\100SPORT\100_0868.JPG
N:\DCIM\100SPORT\100_0869.JPG
N:\DCIM\100SPORT\100_0870.JPG
N:\DCIM\100SPORT\100_0871.JPG
N:\DCIM\100SPORT\100_0872.JPG
N:\DCIM\100SPORT\100_0873.JPG
N:\DCIM\100SPORT\100_0874.JPG
N:\DCIM\100SPORT\100_0875.JPG
N:\DCIM\100SPORT\100_0876.JPG
N:\DCIM\100SPORT\100_0877.JPG
N:\DCIM\100SPORT\100_0878.JPG
N:\DCIM\100SPORT\100_0879.JPG
N:\DCIM\100SPORT\100_0880.JPG
N:\DCIM\100SPORT\100_0881.MOV
N:\DCIM\100SPORT\100_0882.MOV
N:\DCIM\100SPORT\100_0883.MOV
N:\DCIM\100SPORT\100_0884.MOV
N:\DCIM\100SPORT\100_0885.JPG
N:\DCIM\100SPORT\100_0886.JPG
N:\DCIM\100SPORT\100_0887.JPG
N:\DCIM\100SPORT\100_0888.JPG
N:\DCIM\100SPORT\100_0889.JPG
N:\DCIM\100SPORT\100_0890.JPG
N:\DCIM\100SPORT\100_0891.JPG
N:\DCIM\100SPORT\100_0892.JPG
N:\DCIM\100SPORT\100_0893.JPG
N:\DCIM\100SPORT\100_0894.JPG
N:\DCIM\100SPORT\100_0895.JPG
N:\DCIM\100SPORT\100_0896.JPG
N:\DCIM\100SPORT\100_0897.JPG
N:\DCIM\100SPORT\100_0898.JPG
N:\DCIM\100SPORT\100_0899.JPG
N:\DCIM\100SPORT\100_0900.JPG
N:\DCIM\100SPORT\100_0901.JPG
N:\DCIM\100SPORT\100_0902.JPG
N:\DCIM\100SPORT\100_0903.JPG
N:\DCIM\100SPORT\100_0904.JPG
N:\DCIM\100SPORT\100_0905.JPG
N:\DCIM\100SPORT\100_0906.JPG
N:\DCIM\100SPORT\100_0907.MOV
N:\DCIM\100SPORT\100_0908.MOV
N:\DCIM\100SPORT\100_0909.MOV
N:\DCIM\100SPORT\100_0910.MOV
N:\DCIM\100SPORT\100_0911.MOV
N:\DCIM\100SPORT\100_0912.MOV
N:\DCIM\100SPORT\100_0913.MOV
N:\DCIM\100SPORT\100_0914.MOV
N:\DCIM\100SPORT\100_0915.MOV
N:\DCIM\100SPORT\100_0916.MOV
N:\DCIM\100SPORT\100_0917.MOV
N:\DCIM\100SPORT\100_0918.MOV
N:\DCIM\100SPORT\100_0919.JPG
N:\DCIM\100SPORT\100_0920.JPG
N:\DCIM\100SPORT\100_0921.JPG
N:\DCIM\100SPORT\100_0922.JPG
N:\DCIM\100SPORT\100_0923.JPG
N:\DCIM\100SPORT\100_0924.MOV
N:\DCIM\100SPORT\100_0925.MOV
N:\DCIM\100SPORT\100_0926.MOV
N:\DCIM\100SPORT\100_0927.MOV
N:\DCIM\100SPORT\100_0928.MOV
N:\DCIM\100SPORT\100_0929.MOV
N:\DCIM\100SPORT\100_0930.MOV
N:\DCIM\100SPORT\100_0931.MOV
N:\DCIM\100SPORT\100_0932.MOV
N:\DCIM\100SPORT\100_0933.MOV
N:\DCIM\100SPORT\100_0934.MOV
N:\DCIM\100SPORT\100_0935.MOV
N:\DCIM\100SPORT\100_0936.MOV
N:\DCIM\100SPORT\100_0937.MOV
N:\DCIM\100SPORT\100_0938.MOV
N:\DCIM\100SPORT\100_0939.JPG
N:\DCIM\100SPORT\100_0940.JPG
N:\DCIM\100SPORT\100_0941.JPG
N:\DCIM\100SPORT\100_0942.JPG
N:\DCIM\100SPORT\100_0943.JPG
N:\DCIM\100SPORT\100_0944.JPG
N:\DCIM\100SPORT\100_0945.JPG
N:\DCIM\100SPORT\100_0946.JPG
N:\DCIM\100SPORT\100_0947.JPG
N:\DCIM\100SPORT\100_0948.JPG
N:\DCIM\100SPORT\100_0949.MOV
N:\DCIM\100SPORT\100_0950.MOV
N:\DCIM\100SPORT\100_0951.MOV
N:\DCIM\100SPORT\100_0952.MOV
N:\DCIM\100SPORT\100_0953.MOV
N:\DCIM\100SPORT\100_0954.JPG
N:\DCIM\100SPORT\100_0955.JPG
N:\DCIM\100SPORT\100_0956.MOV
N:\DCIM\100SPORT\100_0957.MOV
N:\DCIM\100SPORT\100_0958.MOV
N:\DCIM\100SPORT\100_0959.MOV
N:\DCIM\100SPORT\100_0960.MOV
N:\DCIM\100SPORT\100_0961.MOV
N:\DCIM\100SPORT\100_0962.JPG
N:\DCIM\100SPORT\100_0963.JPG
N:\DCIM\100SPORT\100_0964.JPG
N:\DCIM\100SPORT\100_0965.JPG
N:\DCIM\100SPORT\100_0966.JPG
N:\DCIM\100SPORT\100_0967.JPG
N:\DCIM\100SPORT\100_0968.JPG
N:\DCIM\100SPORT\100_0969.JPG
N:\DCIM\100SPORT\100_0970.JPG
N:\DCIM\100SPORT\100_0971.MOV
N:\DCIM\100SPORT\100_0972.MOV
N:\DCIM\100SPORT\100_0973.MOV
N:\DCIM\100SPORT\100_0974.JPG
N:\DCIM\100SPORT\100_0975.JPG
N:\DCIM\100SPORT\100_0731.MOV
N:\DCIM\100SPORT\100_0976.MOV
N:\DCIM\100SPORT\100_0977.MOV
N:\DCIM\100SPORT\100_0978.MOV
N:\DCIM\100SPORT\100_0979.MOV
N:\DCIM\100SPORT\100_0980.MOV
N:\DCIM\100SPORT\100_0981.MOV
N:\DCIM\100SPORT\100_0982.JPG
N:\DCIM\100SPORT\100_0983.JPG
N:\DCIM\100SPORT\100_0984.JPG
N:\DCIM\100SPORT\100_0985.MOV
N:\DCIM\100SPORT\100_0986.MOV
N:\DCIM\100SPORT\100_0987.MOV
N:\DCIM\100SPORT\100_0988.JPG
N:\DCIM\100SPORT\100_0989.JPG
N:\DCIM\100SPORT\100_0990.JPG
N:\DCIM\100SPORT\100_0991.MOV
N:\DCIM\100SPORT\100_0992.MOV
N:\DCIM\100SPORT\100_0993.MOV
N:\DCIM\100SPORT\100_0994.MOV
N:\DCIM\100SPORT\100_0995.MOV
N:\DCIM\100SPORT\100_0996.MOV
N:\DCIM\100SPORT\100_0997.MOV
N:\DCIM\100SPORT\100_0998.MOV
N:\DCIM\100SPORT\100_0999.MOV
N:\DCIM\100SPORT\100_1000.MOV
N:\DCIM\100SPORT\100_1001.MOV
N:\DCIM\100SPORT\100_1002.MOV
N:\DCIM\100SPORT\100_1003.MOV
N:\DCIM\100SPORT\100_1004.MOV
N:\DCIM\100SPORT\100_1005.MOV
N:\DCIM\100SPORT\100_1006.MOV
N:\DCIM\100SPORT\100_1007.MOV
N:\DCIM\100SPORT\100_1008.MOV
N:\DCIM\100SPORT\100_1009.MOV
N:\DCIM\100SPORT\100_1010.MOV
N:\DCIM\100SPORT\100_1011.MOV
N:\DCIM\100SPORT\100_1012.JPG
N:\DCIM\100SPORT\100_1013.JPG
N:\DCIM\100SPORT\100_1014.JPG
N:\DCIM\100SPORT\100_1015.JPG
N:\DCIM\100SPORT\100_1016.JPG
N:\DCIM\100SPORT\100_1017.MOV
N:\DCIM\100SPORT\100_1018.MOV
N:\DCIM\100SPORT\100_1019.MOV
N:\DCIM\100SPORT\100_1020.MOV
N:\DCIM\100SPORT\100_1021.JPG
N:\DCIM\100SPORT\100_1022.JPG
N:\DCIM\100SPORT\100_1023.JPG
N:\DCIM\100SPORT\100_1024.JPG
N:\DCIM\100SPORT\100_1025.JPG
N:\DCIM\100SPORT\100_1026.JPG
N:\DCIM\100SPORT\100_1027.MOV
N:\DCIM\100SPORT\100_1028.JPG
N:\DCIM\100SPORT\100_1029.JPG
N:\DCIM\100SPORT\100_1030.JPG
N:\DCIM\100SPORT\100_1031.JPG
N:\DCIM\100SPORT\100_1032.JPG
N:\DCIM\100SPORT\100_1033.JPG
N:\DCIM\100SPORT\100_1034.JPG
N:\DCIM\100SPORT\100_1035.JPG
N:\DCIM\100SPORT\100_1036.JPG
N:\DCIM\100SPORT\100_1037.JPG
N:\DCIM\100SPORT\100_1038.JPG
N:\DCIM\100SPORT\100_1039.MOV
N:\DCIM\100SPORT\100_1040.MOV
N:\DCIM\100SPORT\100_1041.MOV
N:\DCIM\100SPORT\100_1042.MOV
N:\DCIM\100SPORT\100_1043.MOV
N:\DCIM\100SPORT\100_1044.MOV
N:\DCIM\100SPORT\100_1045.JPG
N:\DCIM\100SPORT\100_1046.JPG
N:\DCIM\100SPORT\100_1047.MOV
N:\DCIM\100SPORT\100_1048.JPG
N:\DCIM\100SPORT\100_1049.JPG
N:\DCIM\100SPORT\100_1050.JPG
N:\DCIM\100SPORT\100_1051.JPG
N:\DCIM\100SPORT\100_1052.JPG
N:\DCIM\100SPORT\100_1053.JPG
N:\DCIM\100SPORT\100_1054.JPG
N:\DCIM\100SPORT\100_1055.MOV
N:\DCIM\100SPORT\100_1056.MOV
N:\DCIM\100SPORT\100_1057.MOV
N:\DCIM\100SPORT\100_1058.MOV
N:\DCIM\100SPORT\100_1059.MOV
N:\DCIM\100SPORT\100_1060.MOV
N:\DCIM\100SPORT\100_1061.MOV
N:\DCIM\100SPORT\100_1062.MOV
N:\DCIM\100SPORT\100_1063.MOV
N:\DCIM\100SPORT\100_1064.MOV
N:\DCIM\100SPORT\100_1065.MOV
N:\DCIM\100SPORT\100_1066.MOV
N:\DCIM\100SPORT\100_1067.MOV
N:\DCIM\100SPORT\100_1068.MOV
N:\DCIM\100SPORT\100_1069.MOV
N:\DCIM\100SPORT\100_1070.MOV
N:\DCIM\100SPORT\100_1071.MOV
N:\DCIM\100SPORT\100_1072.MOV
N:\DCIM\100SPORT\100_1073.MOV
N:\DCIM\100SPORT\100_1074.MOV
N:\DCIM\100SPORT\100_1075.MOV
N:\DCIM\100SPORT\100_1076.MOV
N:\DCIM\100SPORT\100_1077.MOV
N:\DCIM\100SPORT\100_1078.MOV
N:\DCIM\100SPORT\100_1079.MOV
N:\DCIM\100SPORT\100_1080.MOV
N:\DCIM\100SPORT\100_1081.MOV
N:\DCIM\100SPORT\100_1082.MOV
N:\DCIM\100SPORT\100_1083.MOV
N:\DCIM\100SPORT\100_1084.MOV
N:\DCIM\100SPORT\100_1085.MOV
N:\DCIM\100SPORT\100_1086.MOV
N:\DCIM\100SPORT\100_1087.MOV
N:\DCIM\100SPORT\100_1088.MOV
N:\DCIM\100SPORT\100_1089.MOV
N:\DCIM\100SPORT\100_1090.MOV
N:\DCIM\100SPORT\100_1091.MOV
N:\DCIM\100SPORT\100_1092.MOV
N:\DCIM\100SPORT\100_1093.MOV
N:\DCIM\100SPORT\100_1094.MOV
N:\DCIM\100SPORT\100_1095.MOV
N:\DCIM\100SPORT\100_1096.MOV
N:\DCIM\100SPORT\100_1097.MOV
N:\DCIM\100SPORT\100_1098.MOV
N:\DCIM\100SPORT\100_1099.MOV
N:\DCIM\100SPORT\100_1100.MOV
N:\DCIM\100SPORT\100_1101.MOV
N:\DCIM\100SPORT\100_1102.MOV
N:\DCIM\100SPORT\100_1103.MOV
N:\DCIM\100SPORT\100_1104.MOV
N:\DCIM\100SPORT\100_1105.MOV
N:\DCIM\100SPORT\100_1106.MOV
N:\DCIM\100SPORT\100_1107.JPG
N:\DCIM\100SPORT\100_1108.JPG
N:\DCIM\100SPORT\100_1109.JPG
N:\DCIM\100SPORT\100_1110.JPG
N:\DCIM\100SPORT\100_1111.JPG
N:\DCIM\100SPORT\100_1112.JPG
N:\DCIM\100SPORT\100_1113.JPG
N:\DCIM\100SPORT\100_1114.JPG
N:\DCIM\100SPORT\100_1115.JPG
N:\DCIM\100SPORT\100_1116.JPG
N:\DCIM\100SPORT\100_1117.JPG
N:\DCIM\100SPORT\100_1118.JPG
N:\DCIM\100SPORT\100_1119.JPG
N:\DCIM\100SPORT\100_1120.JPG
N:\DCIM\100SPORT\100_1121.JPG
N:\DCIM\100SPORT\100_1122.JPG
N:\DCIM\100SPORT\100_1123.JPG
N:\DCIM\100SPORT\100_1124.JPG
N:\DCIM\100SPORT\100_1125.JPG
N:\DCIM\100SPORT\100_1126.JPG
N:\DCIM\100SPORT\100_1127.JPG
N:\DCIM\100SPORT\100_1128.JPG
N:\DCIM\100SPORT\100_1129.JPG
N:\DCIM\100SPORT\100_1130.JPG
N:\DCIM\100SPORT\100_1131.JPG
N:\DCIM\100SPORT\100_1132.JPG
N:\DCIM\100SPORT\100_1133.JPG
N:\DCIM\100SPORT\100_1134.JPG
N:\DCIM\100SPORT\100_1135.JPG
N:\DCIM\100SPORT\100_1136.JPG
N:\DCIM\100SPORT\100_1137.JPG
N:\DCIM\100SPORT\100_1138.JPG
N:\DCIM\100SPORT\100_1139.JPG
N:\DCIM\100SPORT\100_1140.JPG
N:\DCIM\100SPORT\100_1141.JPG
N:\DCIM\100SPORT\100_1142.JPG
N:\DCIM\100SPORT\100_1143.JPG
N:\DCIM\100SPORT\100_1144.JPG
N:\DCIM\100SPORT\100_1145.JPG
N:\DCIM\100SPORT\100_1146.JPG
N:\DCIM\100SPORT\100_1147.JPG
N:\DCIM\100SPORT\100_1148.JPG
N:\DCIM\100SPORT\100_1149.JPG
N:\DCIM\100SPORT\100_1150.JPG
N:\DCIM\100SPORT\100_1151.JPG
N:\DCIM\100SPORT\100_1152.JPG
N:\DCIM\100SPORT\100_1153.JPG
N:\DCIM\100SPORT\100_1154.JPG
N:\DCIM\100SPORT\100_1155.JPG
N:\DCIM\100SPORT\100_1156.JPG
N:\DCIM\100SPORT\100_1157.JPG
N:\DCIM\100SPORT\100_1158.JPG
N:\DCIM\100SPORT\100_1159.JPG
N:\DCIM\100SPORT\100_1160.JPG
N:\DCIM\100SPORT\100_1161.JPG
N:\DCIM\100SPORT\100_1162.JPG
N:\DCIM\100SPORT\100_1163.JPG
N:\DCIM\100SPORT\100_1164.JPG
N:\DCIM\100SPORT\100_1165.JPG
N:\DCIM\100SPORT\100_1166.JPG
N:\DCIM\100SPORT\100_1167.JPG
N:\DCIM\100SPORT\100_1168.JPG
N:\DCIM\100SPORT\100_1169.JPG
N:\DCIM\100SPORT\100_1170.JPG
N:\DCIM\100SPORT\100_1171.JPG
N:\DCIM\100SPORT\100_1172.JPG
N:\DCIM\100SPORT\100_1173.JPG
N:\DCIM\100SPORT\100_1174.JPG
N:\DCIM\100SPORT\100_1175.JPG
N:\DCIM\100SPORT\100_1176.JPG
N:\DCIM\100SPORT\100_1177.JPG
N:\DCIM\100SPORT\100_1178.JPG
N:\DCIM\100SPORT\100_1179.JPG
N:\DCIM\100SPORT\100_1180.JPG
N:\DCIM\100SPORT\100_1181.JPG
-
I plugged my camera into a computer at work and it picked up some malware. Now when I go to explore the contents of the SD card, instead of seeing the picture/video files, it shows 7 folders (shortcuts to Documents, Music, New Folder, Passwords, Video, and Pictures - and a folder called RECYCLER).
My virus scanner at work picked it up as having a Win32.(something) virus - sorry, I didn't get the whole thing written down. I ran the virus scan and it said that it removed the issue - but the picture/video files are still not showing up. When I click on one of the folder links, I get a message that "the item 'siuon.scr' that this shortcut refers to has been changed or moved, so this shortcut will no longer work properly. Do you want to delete this shortcut?" So, it seems that the virus scan may have done something, but it's not the whole way fixed.
I ran Malwarebytes on the camera (it comes up as two separate drives when plugged in - one for what appears to be the internal memory of the camera and a second for the SD card) on both drives and nothing came up. I ran the dds file like instructed, but that only looked at my internal harddrive, and not the drives on the camera. I have looked all over online and I can't seem to find much info on how to clean external drives like an SD card.
Any help that you can offer would be much appreciated.
Thanks,
JF
-
I have picked up something that is either creating files and eating up all of my hard drive disk space or is somehow tricking my system to think it has no space.
I went to bed the other evening and had approx 20GB of free space - when I got on the next morning, I had 0. I then moved about 5-6 GB of stuff to an external drive and a little while later I checked and that space also disappeared.
I ran MBAM (and superantispyware) and nothing was found.
I restarted my computer into safe mode - and now it says it has just under 1GB of space (which isn't correct, but at least it is enough space to allow me to download and run DDS.scr). Results are below.
BTW - I did a search for any large files to see if the virus was creating some fake files to eat up the space - and didn't see anything unusual in the search results. So, I don't know where the missing space is going.
Thanks for your help.
JF
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12
Run by Compaq_Administrator at 8:34:15 on 2012-01-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.576 [GMT -8:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://espn.go.com/
uInternet Settings,ProxyOverride = <local>;*.local
BHO: {14b82fbc-650e-4ee6-a219-d19d0c50612f} - c:\documents and settings\compaq_administrator\local settings\application data\ShellWin32.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi0498~1\datamngr\toolbar\searchqudtx.dll
BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - c:\progra~1\wi0498~1\datamngr\IEBHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi0498~1\datamngr\toolbar\searchqudtx.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [sugarSync] "c:\program files\sugarsync\SugarSyncManager.exe" -startInTray -usedelay=true
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Nike+ Connect] "c:\program files\nike\nike+ connect\Nike+ Connect daemon.exe"
mRun: [DMAScheduler] c:\program files\sonic\digitalmedia plus\digitalmedia archive\DMAScheduler.exe
mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdateMgr.exe
mRun: [DISCover] c:\program files\disc\DISCover.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [DATAMNGR] c:\progra~1\wi0498~1\datamngr\DATAMN~1.EXE
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjYzMjA3NDEzLUZMMTArMS1ERFQrNTA4MS1MU0QrMi1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyQU4rMi1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1GMTBNMTJBVEJOKzE"&"prod=90"&"ver=10.0.1392
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\adobe acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\5577497\program\Compaq Connections.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\gigane~1.lnk - c:\program files\giganews accelerator\GiganewsAccelerator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\totalm~1.lnk - c:\program files\arcsoft\totalmedia extreme\backup & recorder\uBBMonitor.exe
uPolicies-explorer: AntiVirusDisableNotify = 2089930448 (0x7c91ced0)
uPolicies-explorer: UpdatesDisableNotify = 2089930448 (0x7c91ced0)
uPolicies-explorer: FirewallDisableNotify = 2089930448 (0x7c91ced0)
IE: Save video on Savevid.com - c:\program files\savevid\redirect.htm
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/hsi/vzTCPConfig.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} - hxxp://zone.msn.com/bingame/pacz/default/pandaonline.cab
DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - hxxp://sympatico.zone.msn.com/bingame/rock/default/popcaploader1.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - hxxp://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/gold/UnSkin/gf.cab
DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} - hxxp://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.87.cab
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{68ABC49C-2AAA-455E-B332-0CE29F0E8C0C} : DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\internet\eudora\EuShlExt.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\w95kl63c.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://espn.go.com/
FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101055100&s=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-go.net/?sid=10101055100&s=
.
============= SERVICES / DRIVERS ===============
.
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-8-3 116608]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\avgidseh.sys --> c:\windows\system32\drivers\AVGIDSEH.Sys [?]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys --> c:\windows\system32\drivers\avgrkx86.sys [?]
S1 archlp;archlp;c:\windows\system32\drivers\ArcHlp.sys [2010-11-11 127744]
S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-9-27 11608]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys --> c:\windows\system32\drivers\avgldx86.sys [?]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys --> c:\windows\system32\drivers\avgmfx86.sys [?]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-2-29 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 67664]
S1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\VCdRom.sys [2010-7-5 8576]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-9-27 136360]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-9-27 269480]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-9-27 66616]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-8-27 1253376]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [2010-11-11 36224]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriver.sys --> c:\windows\system32\drivers\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilter.sys --> c:\windows\system32\drivers\AVGIDSFilter.Sys [?]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshim.sys --> c:\windows\system32\drivers\AVGIDSShim.Sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800]
S3 MEISTRM;MEI AVC Streaming Filter Driver;c:\windows\system32\drivers\meistrm.sys [2003-11-11 13195]
S3 MEITUNER;FireBus MPEG2TS Tuner Subunit Device;c:\windows\system32\drivers\meistb.sys [2003-11-11 22891]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 12872]
S3 softctrl;Software Flow Control Driver;c:\windows\system32\drivers\softctrl.sys [2007-9-17 10240]
S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [2010-11-11 134912]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-14 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-14 136176]
.
=============== Created Last 30 ================
.
2011-12-30 04:47:52 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-12-20 01:28:05 -------- d-----w- c:\documents and settings\all users\application data\boost_interprocess
2011-12-20 00:53:45 -------- d-----w- c:\documents and settings\compaq_administrator\AppData
2011-12-20 00:53:43 -------- d-----w- c:\documents and settings\compaq_administrator\application data\searchquband
2011-12-20 00:52:39 -------- d-----w- c:\documents and settings\compaq_administrator\application data\searchqutoolbar
2011-12-20 00:52:21 -------- d-----w- c:\program files\Windows Savevid Toolbar
2011-12-20 00:52:15 -------- dc-h--w- c:\documents and settings\all users\application data\{ACFC9F59-F1AE-43D2-8CFE-E2F1E0F82ABA}
2011-12-20 00:52:10 -------- d-----w- c:\program files\Savevid
2011-12-20 00:51:32 -------- d-----w- c:\documents and settings\compaq_administrator\local settings\application data\PackageAware
2011-12-20 00:35:56 -------- d-----w- c:\documents and settings\compaq_administrator\application data\Any Flv Converter
2011-12-20 00:35:53 -------- d-----w- c:\program files\Any Flv Converter
2011-12-15 15:02:28 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-12-15 15:02:27 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-15 03:50:58 602112 ----a-w- c:\windows\system32\SET44.tmp
2011-12-15 03:50:55 55296 ----a-w- c:\windows\system32\SET43.tmp
2011-12-15 03:50:52 105984 ----a-w- c:\windows\system32\SET3E.tmp
2011-12-15 03:50:49 2000384 ----a-w- c:\windows\system32\SET48.tmp
2011-12-15 03:50:46 916992 ----a-w- c:\windows\system32\SET3C.tmp
2011-12-15 03:50:44 1212416 ----a-w- c:\windows\system32\SET3D.tmp
2011-12-15 03:50:41 5978112 ----a-w- c:\windows\system32\SET42.tmp
2011-12-15 03:50:38 11081728 ----a-w- c:\windows\system32\SET4A.tmp
2011-12-09 03:00:47 -------- d-----w- c:\program files\Bonjour
.
==================== Find3M ====================
.
2011-12-10 23:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-03 03:54:32 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-03 03:54:32 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\SET7C.tmp
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-15 01:38:00 456192 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
============= FINISH: 8:35:19.26 ===============
-
I have picked up something that is either creating files and eating up all of my hard drive disk space or is somehow tricking my system to think it has no space.
I went to bed the other evening and had approx 20GB of free space - when I got on the next morning, I had 0. I then moved about 5-6 GB of stuff to an external drive and a little while later I checked and that space also disappeared.
I ran MBAM (and superantispyware) and nothing was found.
Since I don't have any disk space, I can't even download the dds.scr file. I tried deleting something to create enough room for dds, but once a file is deleted, that empty space is immediately eaten and I go back to 0 space available. I tried to save it to my external HDD and run it from there, but I couldn't the file to save there either.
I don't even know where to start with this.
Thanks for your help.
JF
-
I have two things (at least) going on with my computer.
- I've had that annoying thing where I am redirected to the wrong site when clicking on a Google search link. That has been going on for a while, and MBAM hasn't been able to remove it.
- Then the other day I picked up the Security Shield malware and those annoying popups. I have run MBAM in safe mode and that hasn't fixed it. I have tried to run combofix, but it says it can't run while AVG is running - but I uninstalled that a while back, but combofix is still picking it up.
Below is the dds.txt file and I've attached attach.zip.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12
Run by Compaq_Administrator at 20:30:38 on 2011-12-18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.182 [GMT -8:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\DISC\DISCover.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SugarSync\SugarSyncManager.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\APPLIC~1\szxnverrki.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\IoctlSvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\msiexec.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://espn.go.com/
uInternet Settings,ProxyOverride = <local>;*.local
BHO: {14b82fbc-650e-4ee6-a219-d19d0c50612f} - c:\documents and settings\compaq_administrator\local settings\application data\ShellWin32.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [sugarSync] "c:\program files\sugarsync\SugarSyncManager.exe" -startInTray -usedelay=true
uRun: [YahooPartnerToolbar Update] rundll32
uRun: [TikGames Update] rundll32
uRun: [DisplayOnlineNotifier] rundll32.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Nike+ Connect] "c:\program files\nike\nike+ connect\Nike+ Connect daemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DMAScheduler] c:\program files\sonic\digitalmedia plus\digitalmedia archive\DMAScheduler.exe
mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdateMgr.exe
mRun: [DISCover] c:\program files\disc\DISCover.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjYzMjA3NDEzLUZMMTArMS1ERFQrNTA4MS1MU0QrMi1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyQU4rMi1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1GMTBNMTJBVEJOKzE"&"prod=90"&"ver=10.0.1392
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\adobe acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\5577497\program\Compaq Connections.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\gigane~1.lnk - c:\program files\giganews accelerator\GiganewsAccelerator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\totalm~1.lnk - c:\program files\arcsoft\totalmedia extreme\backup & recorder\uBBMonitor.exe
uPolicies-explorer: AntiVirusDisableNotify = 2089930448 (0x7c91ced0)
uPolicies-explorer: UpdatesDisableNotify = 2089930448 (0x7c91ced0)
uPolicies-explorer: FirewallDisableNotify = 2089930448 (0x7c91ced0)
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/hsi/vzTCPConfig.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} - hxxp://zone.msn.com/bingame/pacz/default/pandaonline.cab
DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - hxxp://sympatico.zone.msn.com/bingame/rock/default/popcaploader1.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - hxxp://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/gold/UnSkin/gf.cab
DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} - hxxp://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.87.cab
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{68ABC49C-2AAA-455E-B332-0CE29F0E8C0C} : DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\internet\eudora\EuShlExt.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\w95kl63c.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://espn.go.com/
FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101055100&s=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-go.net/?sid=10101055100&s=
.
============= SERVICES / DRIVERS ===============
.
R1 archlp;archlp;c:\windows\system32\drivers\ArcHlp.sys [2010-11-11 127744]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-9-27 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-2-29 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 67664]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\VCdRom.sys [2010-7-5 8576]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-8-3 116608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-9-27 136360]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-9-27 66616]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-8-27 1253376]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [2010-11-11 36224]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\avgidseh.sys --> c:\windows\system32\drivers\AVGIDSEH.Sys [?]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys --> c:\windows\system32\drivers\avgrkx86.sys [?]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys --> c:\windows\system32\drivers\avgldx86.sys [?]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys --> c:\windows\system32\drivers\avgmfx86.sys [?]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-9-27 269480]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriver.sys --> c:\windows\system32\drivers\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilter.sys --> c:\windows\system32\drivers\AVGIDSFilter.Sys [?]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshim.sys --> c:\windows\system32\drivers\AVGIDSShim.Sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 MEISTRM;MEI AVC Streaming Filter Driver;c:\windows\system32\drivers\meistrm.sys [2003-11-11 13195]
S3 MEITUNER;FireBus MPEG2TS Tuner Subunit Device;c:\windows\system32\drivers\meistb.sys [2003-11-11 22891]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 12872]
S3 softctrl;Software Flow Control Driver;c:\windows\system32\drivers\softctrl.sys [2007-9-17 10240]
S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [2010-11-11 134912]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-14 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-14 136176]
.
=============== Created Last 30 ================
.
2011-12-17 04:50:12 366592 ----a-w- c:\documents and settings\compaq_administrator\local settings\application data\szxnverrki.exe
2011-12-15 15:02:28 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-12-15 15:02:27 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-15 03:50:58 602112 ----a-w- c:\windows\system32\SET44.tmp
2011-12-15 03:50:55 55296 ----a-w- c:\windows\system32\SET43.tmp
2011-12-15 03:50:52 105984 ----a-w- c:\windows\system32\SET3E.tmp
2011-12-15 03:50:49 2000384 ----a-w- c:\windows\system32\SET48.tmp
2011-12-15 03:50:46 916992 ----a-w- c:\windows\system32\SET3C.tmp
2011-12-15 03:50:44 1212416 ----a-w- c:\windows\system32\SET3D.tmp
2011-12-15 03:50:41 5978112 ----a-w- c:\windows\system32\SET42.tmp
2011-12-15 03:50:38 11081728 ----a-w- c:\windows\system32\SET4A.tmp
2011-12-09 03:00:47 -------- d-----w- c:\program files\Bonjour
2011-12-03 03:56:56 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2011-12-03 03:55:55 -------- d-----w- c:\program files\common files\xing shared
2011-12-03 03:55:18 150696 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2011-12-03 03:54:53 108544 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2011-12-03 02:19:16 -------- d-----w- C:\Kindle Library
.
==================== Find3M ====================
.
2011-12-03 03:54:32 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-03 03:54:32 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\SET7C.tmp
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-15 01:38:00 456192 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3200826AS rev.3.03 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x85B584C0]<<
_asm { MOV EAX, [ESP+0x4]; MOV ECX, [0x85b5f8a4]; PUSH ESI; MOV ESI, [ESP+0xc]; PUSH EDI; MOV EDI, [ESI+0x60]; CMP EAX, [0x85b5f730]; JNZ 0x1f; MOV [ESP+0xc], ECX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8633AAB8]
3 CLASSPNP[0xF7590FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000077[0x86384F18]
5 ACPI[0xF7407620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8638F940]
\Driver\atapi[0x85BC7BE0] -> IRP_MJ_CREATE -> 0x85B584C0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5c; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x85B582E0
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 20:31:32.73 ===============
-
Here is the result for acroff.dll
Antivirus Version Last Update Result
AhnLab-V3 2010.10.07.00 2010.10.06 -
AntiVir 7.10.12.142 2010.10.06 -
Antiy-AVL 2.0.3.7 2010.10.07 -
Authentium 5.2.0.5 2010.10.07 -
AVG 9.0.0.851 2010.10.06 -
BitDefender 7.2 2010.10.07 -
CAT-QuickHeal 11.00 2010.10.05 -
Comodo 6305 2010.10.06 -
DrWeb 5.0.2.03300 2010.10.07 -
eSafe 7.0.17.0 2010.10.06 -
eTrust-Vet 36.1.7895 2010.10.06 -
F-Prot 4.6.2.117 2010.10.06 -
F-Secure 9.0.15370.0 2010.10.07 -
Fortinet 4.2.249.0 2010.10.06 -
GData 21 2010.10.07 -
Ikarus T3.1.1.90.0 2010.10.07 -
Jiangmin 13.0.900 2010.10.06 -
K7AntiVirus 9.63.2689 2010.10.06 -
McAfee 5.400.0.1158 2010.10.07 -
McAfee-GW-Edition 2010.1C 2010.10.07 -
Microsoft 1.6201 2010.10.06 -
NOD32 5510 2010.10.06 -
Norman 6.06.07 2010.10.06 -
nProtect 2010-10-06.02 2010.10.06 -
Panda 10.0.2.7 2010.10.06 -
PCTools 7.0.3.5 2010.10.02 -
Prevx 3.0 2010.10.07 -
Rising 22.67.02.07 2010.09.30 -
Sophos 4.58.0 2010.10.07 -
Sunbelt 7003 2010.10.07 -
SUPERAntiSpyware 4.40.0.1006 2010.10.07 -
Symantec 20101.2.0.161 2010.10.06 -
TheHacker 6.7.0.1.050 2010.10.06 -
TrendMicro 9.120.0.1004 2010.10.07 -
TrendMicro-HouseCall 9.120.0.1004 2010.10.07 -
VBA32 3.12.14.1 2010.10.06 -
ViRobot 2010.10.4.4074 2010.10.07 -
VirusBuster 12.67.6.0 2010.10.06 -
Additional informationShow all
MD5 : 0dc983faaf61c8890ea58f43017cf7fb
SHA1 : 51d3352769b8b28c33ec1159fd16300d558adcfb
SHA256: e7acd6c79d36ea8ba8e2031bc10514c822fef11fc4f38bcdc7c155fdc87380d4
Here is the result for srvblck2.tmp
Antivirus Version Last Update Result
AhnLab-V3 2010.10.07.00 2010.10.06 -
AntiVir 7.10.12.142 2010.10.06 -
Antiy-AVL 2.0.3.7 2010.10.07 -
Authentium 5.2.0.5 2010.10.07 -
Avast 4.8.1351.0 2010.10.07 -
Avast5 5.0.594.0 2010.10.07 -
AVG 9.0.0.851 2010.10.06 -
BitDefender 7.2 2010.10.07 -
CAT-QuickHeal 11.00 2010.10.05 -
ClamAV 0.96.2.0-git 2010.10.06 -
Comodo 6305 2010.10.06 -
DrWeb 5.0.2.03300 2010.10.07 -
Emsisoft 5.0.0.50 2010.10.07 -
eSafe 7.0.17.0 2010.10.06 -
eTrust-Vet 36.1.7895 2010.10.06 -
F-Prot 4.6.2.117 2010.10.06 -
F-Secure 9.0.15370.0 2010.10.07 -
Fortinet 4.2.249.0 2010.10.06 -
GData 21 2010.10.07 -
Ikarus T3.1.1.90.0 2010.10.07 -
Jiangmin 13.0.900 2010.10.06 -
K7AntiVirus 9.63.2689 2010.10.06 -
Kaspersky 7.0.0.125 2010.10.07 -
McAfee 5.400.0.1158 2010.10.07 -
McAfee-GW-Edition 2010.1C 2010.10.07 -
Microsoft 1.6201 2010.10.06 -
NOD32 5510 2010.10.06 -
Norman 6.06.07 2010.10.06 -
nProtect 2010-10-06.02 2010.10.06 -
Panda 10.0.2.7 2010.10.06 -
PCTools 7.0.3.5 2010.10.02 -
Prevx 3.0 2010.10.07 -
Rising 22.67.02.07 2010.09.30 -
Sophos 4.58.0 2010.10.07 -
Sunbelt 7003 2010.10.07 -
SUPERAntiSpyware 4.40.0.1006 2010.10.07 -
Symantec 20101.2.0.161 2010.10.06 -
TheHacker 6.7.0.1.050 2010.10.06 -
TrendMicro 9.120.0.1004 2010.10.07 -
TrendMicro-HouseCall 9.120.0.1004 2010.10.07 -
VBA32 3.12.14.1 2010.10.06 -
ViRobot 2010.10.4.4074 2010.10.07 -
VirusBuster 12.67.6.0 2010.10.06 -
Additional informationShow all
MD5 : 71e67b258fee325462f31410688385bb
SHA1 : 14789121e2beb5ede1e8c9dc54c75eece86e278d
SHA256: 86df9c2234d1403e66fef7d7b12e7a2f046dc86a0dce3ec6699972fe24a8a876
Attached is the ESET log.
One other thing... I noticed two files c:\pagefile.sys and c:\hyberfil.sys. These two files are 1.4 GB and 940MB, respectively. I have never noticed them before - but their large size caught my eye. Are they supposed to be there, and that big?
-
We seem to be doing better. I've had my web browser open for a half an hour and haven't had any unwanted pop-ups so far.
Firefox is still crashing when I try to upload my ComboFix log. =(
Thanks,
JF
DDS (Ver_10-03-17.01) - NTFSx86
Run by Compaq_Administrator at 19:47:49.76 on Mon 10/04/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.426 [GMT -7:00]
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\IoctlSvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\dllhost.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://espn.go.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [AdobeVersionCue] c:\program files\adobe\adobe version cue\controlpanel\VersionCueTray.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Nike+ Connect] "c:\program files\nike\nike+ connect\Nike+ Connect daemon.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\adobe acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-explorer: AntiVirusDisableNotify = 2089930448 (0x7c91ced0)
uPolicies-explorer: UpdatesDisableNotify = 2089930448 (0x7c91ced0)
uPolicies-explorer: FirewallDisableNotify = 2089930448 (0x7c91ced0)
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} - hxxp://zone.msn.com/bingame/pacz/default/pandaonline.cab
DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - hxxp://sympatico.zone.msn.com/bingame/rock/default/popcaploader1.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - hxxp://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/gold/UnSkin/gf.cab
DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} - hxxp://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.87.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\internet\eudora\EuShlExt.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\w95kl63c.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://espn.go.com/
FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101055100&s=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\windows\system32\5005\components\AcroFF.dll
FF - plugin: c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\w95kl63c.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\w95kl63c.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-go.net/?sid=10101055100&s=c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-9-27 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-2-29 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 67656]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\VCdRom.sys [2010-7-5 8576]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-9-27 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-9-27 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-9-27 60936]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-2-16 20952]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-2-16 304464]
S3 MEISTRM;MEI AVC Streaming Filter Driver;c:\windows\system32\drivers\meistrm.sys [2003-11-11 13195]
S3 MEITUNER;FireBus MPEG2TS Tuner Subunit Device;c:\windows\system32\drivers\meistb.sys [2003-11-11 22891]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 12872]
=============== Created Last 30 ================
2010-10-03 01:09:11 0 d-----w- c:\program files\ESET
2010-09-30 01:54:18 0 d-----w- c:\docume~1\compaq~1\applic~1\Avira
2010-09-30 01:43:32 0 d-----w- c:\windows\system32\NtmsData
2010-09-29 13:47:10 0 d-sha-r- C:\cmdcons
2010-09-29 13:26:51 77312 ----a-w- c:\windows\MBR.exe
2010-09-29 13:26:51 256512 ----a-w- c:\windows\PEV.exe
2010-09-28 02:57:00 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-28 02:57:00 0 d-----w- c:\program files\Avira
2010-09-28 02:57:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-09-26 00:38:41 0 d-----w- c:\windows\system32\xmldm
2010-09-25 01:08:38 0 ----a-w- c:\windows\system32\w95kl63c.default.tmp
2010-09-25 01:00:46 41984 ----a-w- c:\windows\system32\w95kl63c.default.dat
2010-09-24 13:29:39 0 d-----w- c:\windows\system32\5005
2010-09-24 13:29:30 112 ----a-w- c:\windows\system32\srvblck2.tmp
2010-09-24 13:29:15 0 d-----w- c:\windows\system32\cock
==================== Find3M ====================
2010-09-05 04:43:12 68600 ----a-w- c:\docume~1\compaq~1\applic~1\GDIPFONTCACHEV1.DAT
2010-08-28 03:27:21 135184 ----a-w- c:\windows\system32\drivers\DefragFs.sys
2010-08-28 03:26:54 237320 ----a-w- c:\windows\system32\PDBoot.exe
2010-07-14 22:40:39 54236 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-11 16:22:49 160275 ----a-w- c:\windows\Sqirlz Morph Uninstaller.exe
2008-12-09 15:23:13 47616 --sh--r- c:\windows\system32\appconf32.exe
2009-01-11 21:55:00 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011120090112\index.dat
============= FINISH: 19:48:03.82 ===============
Infection on an SD memory card
in Resolved Malware Removal Logs
Posted
Cool. I ran those couple of things and I installed the programs that you suggested.
Thanks again for all of your help. You are much appreciated.
JF