
Cannot run anti-virus or malware removal programs [Solved]



#1
icywhite2008

  • Member
  • 31 posts
I run Windows XP home edition and have found similar threads here about this specific issue. When attempting to run any of my antivirus software or malware removal software I receive the Windows error "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

I have tried a system restore, and run the TFC (Temp File Cleaner) program from the Malware and Spyware removal guide located in this forum. I have also downloaded and run the Combo-Fix.exe and saved the log file. I know I probably shouldn't have run it without specific instructions to do so but I was trying to avoid having to have someone work on my specific problem when it's been addressed so many times in the forum previously. I did find a topic related to my specific infected file from my Combo-Fix report but thought it would be best to stop at this point and post for further instructions.

I do work solely from my computer and really REALLY appreciate any help in repairing my PC! :) You guys have been a tremendous help to me in the past and I just can't thank you enough for all you do!

Please let me know exactly what I need to do or post and I will do that right away.

Thanks so much in advance again for any and all help!! :)


#2
chamber

  • Visiting Consultant
  • 2,712 posts
Hi,

Let's see what we can do.

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

#3
icywhite2008

Thanks so much for your fast reply chamber! :)

Below are the results of my log from exehelper. I have run the combo-fix.exe and saved the log from this morning, prior to posting in the forum and prior to running exehelper just now. Should I download and run combo-fix again or would the log from this morning be sufficient?

exe helper log
===================

exeHelper by Raktor - 09
Build 20090925
Run at 11:08:55 on 10/15/09
Now searching...
Checking for numerical processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

#4
chamber

Post the log from this morning and I'll take a look at that.

#5
icywhite2008

Whew super fast again thank YOU! :)

Here is my log file from combo-fix this morning:

Combo-Fix Log
=====================


ComboFix 09-10-14.09 - Winter Dream Machine 10/15/2009 7:54.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1422 [GMT -5:00]
Running from: c:\documents and settings\Winter Dream Machine\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1351 [VPS 091014-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Sultan of Persia
c:\documents and settings\Winter Dream Machine\Application Data\Adobe\crc.dat
c:\windows\desktop
c:\windows\desktop\Cuddle 'n Care ™.lnk
c:\windows\Installer\21c4a83d.msp
c:\windows\Installer\21c4a851.msp
c:\windows\Installer\21c4a866.msp
c:\windows\Installer\21c4a868.msp
c:\windows\Installer\21c4a883.msp
c:\windows\Installer\21c4a88c.msp
c:\windows\Installer\21c4a8a1.msp
c:\windows\Installer\21c4a8b6.msp
c:\windows\Installer\21c4a8cb.msp
c:\windows\Installer\21c4a8d5.msp
c:\windows\Installer\6f2520.msp
c:\windows\msa.exe
c:\windows\Sultan of Persia
c:\windows\system32\atcpcroe.ini
c:\windows\system32\Cache
c:\windows\win32k.sys

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


((((((((((((((((((((((((( Files Created from 2009-09-15 to 2009-10-15 )))))))))))))))))))))))))))))))
.

2009-10-15 05:44 . 2009-10-15 05:44 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\KlickTock
2009-10-15 03:44 . 2009-10-15 03:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-10-15 03:40 . 2009-10-15 03:40 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-15 03:40 . 2009-10-15 03:40 -------- d-----w- c:\program files\Campfire Legends The Hookman
2009-10-14 14:05 . 2009-10-14 14:05 -------- d-----w- c:\windows\Campfire Legends The Hookman
2009-10-13 21:41 . 2009-10-13 21:41 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\Evoly
2009-10-13 14:34 . 2009-10-13 14:34 -------- d-----w- c:\program files\Trymedia
2009-10-13 14:32 . 2009-10-13 14:32 -------- d-----w- c:\windows\Agatha Christie - Dead Mans Folly
2009-10-13 14:32 . 2009-10-13 14:32 -------- d-----w- c:\program files\Agatha Christie - Dead Mans Folly
2009-10-11 05:32 . 2009-10-11 05:32 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\Ph03nixNewMedia
2009-10-10 22:27 . 2009-10-10 22:27 -------- d-----w- c:\program files\Curse of the Pharaoh - Tears of Sekhmet
2009-10-10 22:27 . 2009-10-10 22:27 -------- d-----w- c:\windows\Curse of the Pharaoh - Tears of Sekhmet
2009-10-09 14:27 . 2009-10-09 19:33 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\ElementalsTheMagicKey
2009-10-09 14:10 . 2009-10-09 14:10 -------- d-----w- c:\program files\Playrix Entertainment
2009-10-09 14:00 . 2009-10-09 14:00 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\Enki Games
2009-10-07 22:25 . 2009-10-07 22:25 -------- d-----w- c:\program files\Samorost2
2009-10-07 19:40 . 2009-10-07 19:40 -------- d-----w- c:\program files\Machinarium
2009-10-03 05:37 . 2009-10-03 05:37 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\casanova
2009-10-03 05:32 . 2009-10-03 05:32 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\Magic Academy 2
2009-10-01 03:52 . 2009-10-02 17:03 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\Freezetag
2009-09-29 17:53 . 2009-10-03 19:43 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\FileZilla
2009-09-29 17:52 . 2009-09-29 17:53 -------- d-----w- c:\program files\FileZilla FTP Client
2009-09-26 00:44 . 2009-09-26 00:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SOS
2009-09-25 04:49 . 2009-09-25 04:49 -------- d-----w- c:\program files\Joes Garden
2009-09-25 04:49 . 2009-09-25 04:49 -------- d-----w- c:\windows\Joes Garden
2009-09-24 13:10 . 2009-09-24 13:10 -------- d-----w- c:\program files\Adobe Media Player
2009-09-21 13:26 . 2009-10-01 13:06 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\ERS G-Studio
2009-09-21 04:29 . 2009-09-21 04:29 -------- d-----w- c:\program files\Paradise Beach
2009-09-21 04:29 . 2009-09-21 04:29 -------- d-----w- c:\windows\Paradise Beach
2009-09-19 04:36 . 2009-09-19 04:36 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\MonteCristo2
2009-09-17 03:41 . 2009-09-17 03:41 -------- d-----w- c:\documents and settings\Winter Dream Machine\Local Settings\Application Data\Electronic Arts
2009-09-17 03:41 . 2009-09-17 03:41 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-09-16 21:26 . 2009-09-16 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Brainiversity2
2009-09-16 20:50 . 2009-09-16 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Sprouts Adventure
2009-09-16 04:52 . 2009-09-16 04:52 -------- d-----w- c:\program files\Brainiversity 2
2009-09-16 04:52 . 2009-09-16 04:52 -------- d-----w- c:\windows\Brainiversity 2
2009-09-15 23:25 . 2009-09-15 23:25 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\GraveyardShift
2009-09-15 22:34 . 2009-09-15 22:34 -------- d-----w- c:\program files\AdnanBoy
2009-09-15 14:39 . 2009-09-15 14:39 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\Merscom
2009-09-15 14:39 . 2009-09-15 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Merscom

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-15 08:41 . 2008-07-10 16:13 492312 ----a-w- c:\documents and settings\Winter Dream Machine\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-15 03:51 . 2009-02-27 02:28 368476 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-15 03:16 . 2008-07-16 05:57 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\Skype
2009-10-15 01:21 . 2008-07-16 05:59 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\skypePM
2009-10-14 01:55 . 2008-08-30 22:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-13 19:50 . 2008-10-17 13:28 -------- d-----w- c:\program files\Games
2009-10-13 14:44 . 2008-10-18 22:58 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\Flood Light Games
2009-10-13 14:44 . 2008-10-18 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Flood Light Games
2009-10-13 03:32 . 2008-08-22 18:26 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\BitTorrent
2009-10-12 15:42 . 2008-10-19 14:08 32 ----a-w- c:\windows\popcinfo.dat
2009-10-12 05:21 . 2008-07-10 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2009-10-11 18:14 . 2008-12-12 22:48 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-10-10 15:59 . 2008-09-07 00:11 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\Playrix Entertainment
2009-10-08 17:47 . 2008-09-07 00:02 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo
2009-10-05 21:33 . 2008-10-15 06:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Alawar Stargaze
2009-10-05 19:51 . 2008-07-16 04:25 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\CoreFTP
2009-10-01 10:16 . 2008-11-03 20:26 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\Move Networks
2009-09-25 17:26 . 2008-10-21 22:16 -------- d-----w- c:\program files\Lx_cats
2009-09-25 05:35 . 2009-08-25 05:23 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\HSA
2009-09-25 05:02 . 2008-10-19 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Fugazo
2009-09-24 19:42 . 2008-10-10 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\JollyBear
2009-09-24 13:12 . 2009-04-15 22:05 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-21 13:24 . 2008-07-10 18:57 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\iolo
2009-09-18 04:16 . 2008-10-01 21:28 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\funkitron
2009-09-17 04:00 . 2008-09-19 22:47 -------- d-----w- c:\documents and settings\All Users\Application Data\MythPeople
2009-09-16 21:00 . 2008-07-10 16:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-16 20:57 . 2009-08-18 19:40 -------- d-----w- c:\program files\Encore
2009-09-15 23:40 . 2008-11-14 23:53 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\Valusoft
2009-09-15 23:40 . 2008-11-14 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Valusoft
2009-09-14 22:59 . 2008-07-10 16:13 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\Corel
2009-09-14 22:58 . 2008-07-10 16:13 7572 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-14 20:08 . 2009-09-14 20:08 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\Sanna
2009-09-14 18:37 . 2009-09-14 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\DivoGames
2009-09-14 18:12 . 2009-09-14 18:11 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\Once Upon a Time in Chicago
2009-09-14 18:11 . 2009-09-14 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Once Upon a Time in Chicago
2009-09-14 18:04 . 2009-09-14 18:03 -------- d-----w- c:\program files\Be Rich
2009-09-09 19:31 . 2009-05-16 00:43 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 17:47 . 2008-10-02 15:08 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\PlayFirst
2009-09-09 17:47 . 2008-10-02 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-09-07 23:17 . 2009-09-07 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\EscapeFromParadise2
2009-09-06 14:38 . 2009-09-06 14:38 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\DivoGames
2009-09-06 14:32 . 2009-09-06 14:32 -------- d-----w- c:\program files\Be Richer
2009-09-05 22:28 . 2008-09-29 17:27 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\Big Fish Games
2009-09-05 04:23 . 2008-07-16 00:10 -------- d-----w- c:\program files\Trillian
2009-09-04 22:59 . 2009-09-04 22:59 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\Little Noir Stories
2009-09-04 22:53 . 2008-11-15 07:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2009-09-04 04:24 . 2009-09-04 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\HipSoft
2009-09-02 20:17 . 2009-09-01 14:06 -------- d-----w- c:\program files\Awem studio
2009-09-02 13:57 . 2009-09-02 13:57 -------- d-----w- c:\program files\Monopoly - Build-a-Lot Edition
2009-09-02 04:24 . 2009-09-02 03:39 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\VampireSaga
2009-09-01 20:50 . 2009-09-01 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Awem
2009-08-30 15:18 . 2009-08-30 15:17 -------- d-----w- c:\program files\Call Of Atlantis
2009-08-30 15:12 . 2009-08-30 15:12 -------- d-----w- c:\program files\Lost Realms Legacy of the Sun Princess
2009-08-30 06:04 . 2009-08-30 05:48 -------- d-----w- c:\program files\Kelly Green Garden Queen
2009-08-30 06:04 . 2008-09-18 14:58 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\iWin
2009-08-30 05:39 . 2009-08-30 05:39 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\Camel101
2009-08-29 04:19 . 2009-08-29 04:18 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\SprillRichiEng
2009-08-28 15:29 . 2009-07-24 05:38 93096 ----a-w- c:\windows\system32\IncContxMenu.dll
2009-08-28 15:29 . 2008-07-10 19:01 2116008 ----a-w- c:\windows\system32\Incinerator.dll
2009-08-26 20:42 . 2008-07-10 19:01 30208 ----a-w- c:\windows\system32\iolobtdfg.exe
2009-08-26 20:42 . 2008-07-10 19:01 12288 ----a-w- c:\windows\system32\smrgdf.exe
2009-08-26 03:38 . 2009-08-26 03:38 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\HdO Adventure
2009-08-25 20:26 . 2008-09-04 00:43 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\blg
2009-08-25 20:26 . 2008-09-04 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\blg
2009-08-25 16:26 . 2009-01-21 02:31 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\GameHouse
2009-08-25 16:26 . 2009-08-25 16:26 -------- d-----w- c:\program files\GameHouse
2009-08-25 16:12 . 2009-08-25 16:12 -------- d-----w- c:\program files\Cake Mania 3
2009-08-25 15:29 . 2009-08-25 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\game_fillup_v2_usa
2009-08-22 20:01 . 2008-09-03 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Sandlot Games
2009-08-22 18:00 . 2009-02-26 06:49 -------- d-----w- c:\program files\Safari
2009-08-21 15:58 . 2009-08-21 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Princess Isabella
2009-08-20 20:53 . 2009-07-06 05:14 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\MA
2009-08-20 20:09 . 2009-08-20 20:09 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-20 03:41 . 2009-08-19 21:49 -------- d-----w- c:\program files\Ancient Hearts And Spades
2009-08-20 03:21 . 2009-08-19 22:35 -------- d-----w- c:\program files\Nanny Mania 2 Hollywood
2009-08-20 03:16 . 2009-08-20 03:15 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\TimeQuest
2009-08-19 22:52 . 2009-08-19 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\3 Blokes Studios
2009-08-19 22:32 . 2009-08-19 22:31 -------- d-----w- c:\program files\Time Quest
2009-08-19 05:14 . 2009-08-19 05:14 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\AlwaysNeat
2009-08-19 04:39 . 2009-08-19 04:39 -------- d-----w- c:\program files\Paprikari
2009-08-18 19:59 . 2009-08-18 19:44 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\Hoyle Puzzle and Board Games
2009-08-18 19:45 . 2009-08-18 19:44 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\Hoyle FaceCreator
2009-08-18 19:32 . 2009-08-18 19:32 -------- d-----w- c:\program files\PowerISO
2009-08-17 17:48 . 2009-08-17 17:48 -------- d-----w- c:\documents and settings\Winter Dream Machine\Application Data\MBT
2009-08-17 16:32 . 2009-08-17 16:32 -------- d-----w- c:\program files\Wizards Hat
2009-08-17 16:10 . 2008-07-10 15:14 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2008-07-10 15:15 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2008-07-10 15:15 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-07-10 15:15 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-07-10 15:15 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2008-07-10 15:15 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-07-10 15:15 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2008-07-10 15:15 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2008-07-10 15:15 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-07 00:24 . 2008-07-10 13:03 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2008-07-10 13:03 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2008-07-10 13:03 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2007-07-31 02:19 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2008-07-10 13:03 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2004-08-12 13:17 96480 ----a-w- c:\windows\system32\cdm.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-07-15 21:18 . 2008-07-10 16:13 88 --sh--r- c:\windows\system32\2ADE3DE07D.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Winter Dream Machine\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-16 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2007-04-14 1556480]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 73728]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-08-03 1295632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-09-22 14854144]
"MsmqIntCert"="mqrt.dll" - c:\windows\system32\mqrt.dll [2008-04-14 177152]

c:\documents and settings\Winter Dream Machine\Start Menu\Programs\Startup\
HighRollerNotifier.lnk - c:\documents and settings\Winter Dream Machine\Desktop\EXE Files\HighRollerNotifier.exe [2009-6-2 712704]

[HKLM\~\startupfolder\C:^Documents and Settings^Winter Dream Machine^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Belkin Wireless USB Network Adapter Service"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"stllssvr"=3 (0x3)
"RoxMediaDB9"=3 (0x3)
"ose"=3 (0x3)
"lxcf_device"=3 (0x3)
"IDriverT"=3 (0x3)
"ANIWZCSdService"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Conference\\Conference.dll"=
"c:\\Program Files\\CoreFTP\\coreftp.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Documents and Settings\\Winter Dream Machine\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [7/10/2008 10:15 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/10/2008 10:15 AM 20560]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [7/10/2008 2:01 PM 609792]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [7/10/2008 2:01 PM 609792]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 6:46 AM 284016]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-10-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-764733703-682003330-1003Core.job
- c:\documents and settings\Winter Dream Machine\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-16 23:33]

2009-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-764733703-682003330-1003UA.job
- c:\documents and settings\Winter Dream Machine\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-16 23:33]

2009-10-15 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: quickrewards.net\images
Trusted Zone: quickrewards.net\www2
TCP: {B5BC0DBA-7DA7-4F46-8B03-AEF5D818AD55} = 24.217.0.5,24.217.201.67
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
FF - ProfilePath - c:\documents and settings\Winter Dream Machine\Application Data\Mozilla\Firefox\Profiles\akq96bzx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.trafficswarm.com/cgi-bin/swarm.cgi?957260&a617d27cea75c7c7c46ce65cffb7684e
FF - component: c:\documents and settings\Winter Dream Machine\Application Data\Mozilla\Firefox\Profiles\akq96bzx.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\documents and settings\Winter Dream Machine\Application Data\Mozilla\Firefox\Profiles\akq96bzx.default\extensions\{70df8d13-bdd3-448e-944c-efde21b77161}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Winter Dream Machine\Application Data\Mozilla\Firefox\Profiles\akq96bzx.default\extensions\{96a87ade-09f2-4c12-b82e-9eaa4e41d124}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Winter Dream Machine\Application Data\Mozilla\Firefox\Profiles\akq96bzx.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\WinKiosk.dll
FF - component: c:\program files\PayPal\PayPal Plug-In\components\PayPalPlugin.dll
FF - plugin: c:\documents and settings\Winter Dream Machine\Application Data\Move Networks\plugins\npqmp071502000008.dll
FF - plugin: c:\documents and settings\Winter Dream Machine\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
c:\program files\Mozilla Firefox\defaults\profile\user.js - user_pref("dom.disable_open_during_load", true); // Popupblocker control handled by McAfee Privacy Service
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Dream Day Wedding - Viva Las Vegas 1.00 - c:\program files\Games\Dream Day Wedding - Viva Las Vegas\Uninstall.exe
AddRemove-Escape From Paradise 2 - A Kingdom's Quest 1.00 - c:\program files\Games\Escape From Paradise 2 - A Kingdom's Quest\Uninstall.exe
AddRemove-Fill Up1.0 - c:\windows\Fill Up\uninstall.exe
AddRemove-G.H.O.S.T - c:\program files\Games\G.H.O.S.T
AddRemove-Hidden Mysteries White House 1.00 - c:\program files\Games\Hidden Mysteries White House\Uninstall.exe
AddRemove-Jewel Quest Mysteries Trail of the Midnight Heart 1.00 - c:\program files\Games\Jewel Quest Mysteries Trail of the Midnight Heart\Uninstall.exe
AddRemove-Mystery Masterpiece The Moonstone 1.00 - c:\program files\Games\Mystery Masterpiece The Moonstone\Uninstall.exe
AddRemove-Relic Hunt - The Mystery Unleashed 1.00 - c:\program files\Games\Relic Hunt - The Mystery Unleashed\Uninstall.exe
AddRemove-The Magicians Handbook II BlackLore 1.00 - c:\program files\Games\The Magicians Handbook II BlackLore\Uninstall.exe
AddRemove-The Mystery of the Mary Celeste 1.00 - c:\program files\Games\The Mystery of the Mary Celeste\Uninstall.exe
AddRemove-Turbo Pizza 1.00 - c:\program files\Games\Turbo Pizza\Uninstall.exe
AddRemove-Turbo Subs 1.00 - c:\program files\Games\Turbo Subs\Uninstall.exe
AddRemove-{5D939020-F071-11DD-6784-06BCBE3D18BE} - c:\\My Games\\I SPY Fantasy\Uninst_I Spy Fantasy.exe
AddRemove-Google Chrome - c:\documents and settings\Winter Dream Machine\Local Settings\Application Data\Google\Chrome\Application\3.0.195.24\Installer\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-15 08:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(968)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(260)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\msdtc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\windows\system32\snmp.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2009-10-15 8:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-15 13:20

Pre-Run: 34,769,821,696 bytes free
Post-Run: 39,531,622,400 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

376 --- E O F --- 2009-10-02 13:37

#6
chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Looks better,

1) Scan files

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • c:\windows\system32\iolobtdfg.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Also scan these,

c:\windows\system32\smrgdf.exe
c:\windows\system32\2ADE3DE07D.sys


2) OTL

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

3) RootRepeal

Download RootRepeal from one of the following locations and save it to your desktop:
  • Link 1
  • Link 2
  • Link 3
  • Double click Posted Image to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Posted Image button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
    • Shadow SSDT
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, click the Posted Image button and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

In your reply I would like to see copied and pasted,

1) Online scan results
2) OTL logs
3) RootRepeal log


#7
icywhite2008

    Member

  • Topic Starter
  • 31 posts
Sorry about the delay! Lost internet connection for a while (totally unrelated to this issue).

Ok here's the info from all the scans. When I ran Root Repeal, I got a report, but I'm not sure it finished. I received an error alert that said "Error - on-disk corruption detected - run chkdsk!"


Online scan of c:\windows\system32\iolobtdfg.exe
=====================================================


VirSCAN.org Scanned Report :
Scanned time : 2009/10/15 11:21:27 (CDT)
Scanner results: All Scanners reported not find malware!
File Name : iolobtdfg.exe
File Size : 30208 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : 631baf01d9b69bd2e0b0af7dff9e5129
SHA1 : ab94cb6dadc3880f6b564a6a92d74e381ee5bb85
Online report : http://virscan.org/r...e59f2a4a3f.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091015230333 2009-10-15 4.08 -
AhnLab V3 2009.10.16.00 2009.10.16 2009-10-16 0.84 -
AntiVir 8.2.1.35 7.1.6.113 2009-10-15 1.00 -
Antiy 2.0.18 20091015.3008068 2009-10-15 0.12 -
Arcavir 2009 200910150624 2009-10-15 0.11 -
Authentium 5.1.1 200910151402 2009-10-15 1.29 -
AVAST! 4.7.4 091014-0 2009-10-14 0.01 -
AVG 8.5.288 270.14.19/2438 2009-10-15 0.35 -
BitDefender 7.81008.4349968 7.28343 2009-10-15 3.78 -
CA (VET) 9.0.0.143 35.1.7069 2009-10-15 8.33 -
ClamAV 0.95.2 9899 2009-10-15 0.01 -
Comodo 3.12 2609 2009-10-15 0.79 -
CP Secure 1.3.0.5 2009.10.15 2009-10-15 0.38 -
Dr.Web 4.44.0.9170 2009.10.15 2009-10-15 5.56 -
F-Prot 4.4.4.56 20091014 2009-10-14 1.22 -
F-Secure 7.02.73807 2009.10.15.12 2009-10-15 8.62 -
Fortinet 2.81-3.120 10.948 2009-10-15 0.21 -
GData 19.8411/19.511 20091015 2009-10-15 5.40 -
ViRobot 20091014 2009.10.14 2009-10-14 0.43 -
Ikarus T3.1.01.72 2009.10.15.74134 2009-10-15 4.14 -
JiangMin 11.0.800 2009.10.15 2009-10-15 3.73 -
Kaspersky 5.5.10 2009.10.15 2009-10-15 0.06 -
KingSoft 2009.2.5.15 2009.10.15.19 2009-10-15 0.55 -
McAfee 5.3.00 5771 2009-10-14 3.35 -
Microsoft 1.5101 2009.10.15 2009-10-15 5.83 -
Norman 6.03.02 6.03.00 2009-10-15 4.01 -
Panda 9.05.01 2009.10.14 2009-10-14 1.72 -
Trend Micro 8.700-1004 6.546.01 2009-10-15 0.03 -
Quick Heal 10.00 2009.10.15 2009-10-15 1.24 -
Rising 20.0 21.51.34.00 2009-10-15 0.94 -
Sophos 3.00.1 4.46 2009-10-15 2.48 -
Sunbelt 5450 5450 2009-10-14 1.56 -
Symantec 1.3.0.24 20091015.003 2009-10-15 0.05 -
nProtect 20091014.02 5818832 2009-10-14 7.59 -
The Hacker 6.5.0.2 v00042 2009-10-14 0.72 -
VBA32 3.12.10.11 20091015.0850 2009-10-15 1.88 -
VirusBuster 4.5.11.10 10.112.68/2005005 2009-10-14 2.37 -





Online scan of c:\windows\system32\smrgdf.exe
=====================================================


VirSCAN.org Scanned Report :
Scanned time : 2009/10/15 11:24:56 (CDT)
Scanner results: All Scanners reported not find malware!
File Name : smrgdf.exe
File Size : 12288 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : 3313d8ceb16af281e5c17dd29446995b
SHA1 : e988d3d1eff425cb5643b224976d3263bc620489
Online report : http://virscan.org/r...74d93d4b3c.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091015230333 2009-10-15 10.78 -
AhnLab V3 2009.10.16.00 2009.10.16 2009-10-16 1.82 -
AntiVir 8.2.1.35 7.1.6.113 2009-10-15 0.54 -
Antiy 2.0.18 20091015.3008068 2009-10-15 0.12 -
Arcavir 2009 200910150624 2009-10-15 0.03 -
Authentium 5.1.1 200910151402 2009-10-15 1.21 -
AVAST! 4.7.4 091014-0 2009-10-14 0.00 -
AVG 8.5.288 270.14.19/2438 2009-10-15 0.32 -
BitDefender 7.81008.4349968 7.28343 2009-10-15 3.85 -
CA (VET) 9.0.0.143 35.1.7069 2009-10-15 16.14 -
ClamAV 0.95.2 9899 2009-10-15 0.01 -
Comodo 3.12 2609 2009-10-15 1.57 -
CP Secure 1.3.0.5 2009.10.15 2009-10-15 0.04 -
Dr.Web 4.44.0.9170 2009.10.15 2009-10-15 5.59 -
F-Prot 4.4.4.56 20091014 2009-10-14 1.30 -
F-Secure 7.02.73807 2009.10.15.12 2009-10-15 0.11 -
Fortinet 2.81-3.120 10.948 2009-10-15 0.21 -
GData 19.8411/19.511 20091015 2009-10-15 8.72 -
ViRobot 20091014 2009.10.14 2009-10-14 1.72 -
Ikarus T3.1.01.72 2009.10.15.74134 2009-10-15 4.13 -
JiangMin 11.0.800 2009.10.15 2009-10-15 4.40 -
Kaspersky 5.5.10 2009.10.15 2009-10-15 0.06 -
KingSoft 2009.2.5.15 2009.10.15.19 2009-10-15 0.52 -
McAfee 5.3.00 5771 2009-10-14 3.41 -
Microsoft 1.5101 2009.10.15 2009-10-15 6.11 -
Norman 6.03.02 6.03.00 2009-10-15 4.01 -
Panda 9.05.01 2009.10.14 2009-10-14 2.17 -
Trend Micro 8.700-1004 6.546.01 2009-10-15 0.03 -
Quick Heal 10.00 2009.10.15 2009-10-15 1.23 -
Rising 20.0 21.51.34.00 2009-10-15 0.87 -
Sophos 3.00.1 4.46 2009-10-15 2.49 -
Sunbelt 5450 5450 2009-10-14 1.60 -
Symantec 1.3.0.24 20091015.003 2009-10-15 0.05 -
nProtect 20091014.02 5818832 2009-10-14 8.05 -
The Hacker 6.5.0.2 v00042 2009-10-14 0.80 -
VBA32 3.12.10.11 20091015.0850 2009-10-15 1.91 -
VirusBuster 4.5.11.10 10.112.68/2005005 2009-10-14 2.39 -





Online scan of c:\windows\system32\2ADE3DE07D.sys
===========================================================


VirSCAN.org Scanned Report :
Scanned time : 2009/10/15 11:30:32 (CDT)
Scanner results: All Scanners reported not find malware!
File Name : 2ADE3DE07D.sys
File Size : 88 byte
File Type : X11 SNF font data, LSB first
MD5 : 2b58fb88f17d43b8506e0e100ecba494
SHA1 : eedc8deccb6be65c9b83dc1408cbcc7de1ad9216
Online report : http://virscan.org/r...8f20a5a9b9.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091015230333 2009-10-15 5.54 -
AhnLab V3 2009.10.16.01 2009.10.16 2009-10-16 1.06 -
AntiVir 8.2.1.35 7.1.6.113 2009-10-15 0.32 -
Antiy 2.0.18 20091015.3008068 2009-10-15 0.12 -
Arcavir 2009 200910150624 2009-10-15 0.02 -
Authentium 5.1.1 200910151402 2009-10-15 1.19 -
AVAST! 4.7.4 091014-0 2009-10-14 0.00 -
AVG 8.5.288 270.14.19/2438 2009-10-15 0.30 -
BitDefender 7.81008.4349968 7.28343 2009-10-15 3.73 -
CA (VET) 9.0.0.143 35.1.7069 2009-10-15 2.84 -
ClamAV 0.95.2 9899 2009-10-15 0.01 -
Comodo 3.12 2609 2009-10-15 0.71 -
CP Secure 1.3.0.5 2009.10.15 2009-10-15 0.00 -
Dr.Web 4.44.0.9170 2009.10.15 2009-10-15 5.60 -
F-Prot 4.4.4.56 20091014 2009-10-14 1.18 -
F-Secure 7.02.73807 2009.10.15.12 2009-10-15 0.04 -
Fortinet 2.81-3.120 10.948 2009-10-15 0.15 -
GData 19.8411/19.511 20091015 2009-10-15 4.46 -
ViRobot 20091014 2009.10.14 2009-10-14 0.43 -
Ikarus T3.1.01.72 2009.10.15.74134 2009-10-15 4.18 -
JiangMin 11.0.800 2009.10.15 2009-10-15 9.03 -
Kaspersky 5.5.10 2009.10.15 2009-10-15 0.02 -
KingSoft 2009.2.5.15 2009.10.15.19 2009-10-15 0.51 -
McAfee 5.3.00 5771 2009-10-14 3.31 -
Microsoft 1.5101 2009.10.15 2009-10-15 5.85 -
Norman 6.03.02 6.03.00 2009-10-15 4.01 -
Panda 9.05.01 2009.10.14 2009-10-14 3.07 -
Trend Micro 8.700-1004 6.546.01 2009-10-15 0.02 -
Quick Heal 10.00 2009.10.15 2009-10-15 1.40 -
Rising 20.0 21.51.34.00 2009-10-15 0.31 -
Sophos 3.00.1 4.46 2009-10-15 2.49 -
Sunbelt 5450 5450 2009-10-14 3.90 -
Symantec 1.3.0.24 20091015.003 2009-10-15 0.29 -
nProtect 20091014.02 5818832 2009-10-14 10.04 -
The Hacker 6.5.0.2 v00042 2009-10-14 0.75 -
VBA32 3.12.10.11 20091015.0850 2009-10-15 1.99 -
VirusBuster 4.5.11.10 10.112.68/2005005 2009-10-14 2.50 -



OTL.txt Report
======================


OTL logfile created on: 10/15/2009 11:44:26 AM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Winter Dream Machine\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.77% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 3500 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 36.76 Gb Free Space | 15.78% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 74.53 Gb Total Space | 11.26 Gb Free Space | 15.11% Space Free | Partition Type: NTFS

Computer Name: WINTER-6CD37065
Current User Name: Winter Dream Machine
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Winter Dream Machine\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
PRC - C:\Program Files\D-Link\AirPlus G\AirGCFG.exe (D-Link)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\LEXBCES.EXE (Lexmark International, Inc.)
PRC - C:\WINDOWS\System32\LEXPPS.EXE (Lexmark International, Inc.)
PRC - C:\WINDOWS\System32\mqsvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\mqtgsvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\snmp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [Disabled | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (Adobe Version Cue CS4 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (ANIWZCSdService [Disabled | Stopped]) -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (Wireless Service)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (Belkin Wireless USB Network Adapter Service [Disabled | Stopped]) -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe ()
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GameConsoleService [Disabled | Stopped]) -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe (WildTangent, Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [Disabled | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (IISADMIN [Auto | Running]) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (ioloFileInfoList [Auto | Stopped]) -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe ()
SRV - (ioloSystemService [Auto | Stopped]) -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe ()
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Disabled | Stopped]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LexBceS [Auto | Running]) -- C:\WINDOWS\System32\LEXBCES.EXE (Lexmark International, Inc.)
SRV - (LPDSVC [On_Demand | Stopped]) -- C:\WINDOWS\System32\tcpsvcs.exe (Microsoft Corporation)
SRV - (lxcf_device [Disabled | Stopped]) -- C:\WINDOWS\System32\lxcfcoms.exe ( )
SRV - (MSMQ [Auto | Running]) -- C:\WINDOWS\System32\mqsvc.exe (Microsoft Corporation)
SRV - (MSMQTriggers [Auto | Running]) -- C:\WINDOWS\System32\mqtgsvc.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (ProtexisLicensing [Disabled | Stopped]) -- C:\WINDOWS\System32\PSIService.exe ()
SRV - (RoxMediaDB9 [Disabled | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (SMTPSVC [Auto | Running]) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SNMP [Auto | Running]) -- C:\WINDOWS\System32\snmp.exe (Microsoft Corporation)
SRV - (stllssvr [Disabled | Stopped]) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (W3SVC [Auto | Running]) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [Disabled | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (YahooAUService [Disabled | Stopped]) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (adfs [Auto | Running]) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (ANIO [Auto | Running]) -- C:\WINDOWS\System32\ANIO.SYS (Alpha Networks Inc.)
DRV - (AsIO [System | Running]) -- C:\WINDOWS\System32\drivers\AsIO.sys ()
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (AtcL002 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\l251x86.sys (Atheros Communications, Inc.)
DRV - (catchme [On_Demand | Running]) -- File not found
DRV - (DLABMFSM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLABOIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLACDBHM [System | Running]) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio)
DRV - (DLADResM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLADResM.SYS (Roxio)
DRV - (DLAIFS_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLAOPIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLAPoolM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLARTL_M [System | Running]) -- C:\WINDOWS\System32\Drivers\DLARTL_M.SYS (Roxio)
DRV - (DLAUDF_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DRVMCDB [Boot | Running]) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS (Roxio)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys (Intel Corporation)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (MQAC [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mqac.sys (Microsoft Corporation)
DRV - (MTsensor [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys ()
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RMCAST [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\RMCast.sys (Microsoft Corporation)
DRV - (rt2500usb [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\rt2500usb.sys (Ralink Technology Inc.)
DRV - (RT73 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\rt73.sys (Ralink Technology, Corp.)
DRV - (SCDEmu [System | Running]) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.trafficsw...6ce65cffb7684e"
FF - prefs.js..extensions.enabledItems: {70df8d13-bdd3-448e-944c-efde21b77161}:2.2.0.9
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.062
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.78
FF - prefs.js..extensions.enabledItems: {cf15270e-cf08-4def-b4ea-6a5ac23f3bca}:2.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {96a87ade-09f2-4c12-b82e-9eaa4e41d124}:2.2.0.9
FF - prefs.js..extensions.enabledItems: [email protected]:0.7
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.11
FF - prefs.js..extensions.enabledItems: paypalfirefoxplugin@orbiscom:2.2.26.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.5.1
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.5.8
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..extensions.enabledItems: {a02c0c70-605c-11da-8cd6-0800200c9a66}:4.19
FF - prefs.js..network.proxy.http: "89.108.83.81"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: ""


FF - HKLM\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\Program Files\PayPal\PayPal Plug-In
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/04/09 01:53:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/12 13:40:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/10 12:41:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/10 12:41:19 | 00,000,000 | ---D | M]

[2008/07/15 17:56:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\mozilla\Extensions
[2008/07/15 17:56:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/15 09:36:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\mozilla\Firefox\Profiles\akq96bzx.default\extensions
[2009/08/26 08:17:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\mozilla\Firefox\Profiles\akq96bzx.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2008/07/15 18:39:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\mozilla\Firefox\Profiles\akq96bzx.default\extensions\{0e4e4920-1412-11db-ac5d-0800200c9a66}(2)
[2009/08/07 15:26:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\mozilla\Firefox\Profiles\akq96bzx.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2009/07/24 12:43:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\mozilla\Firefox\Profiles\akq96bzx.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2008/07/15 18:39:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\mozilla\Firefox\Profiles\akq96bzx.default\extensions\{55bb8164-71be-11dc-8314-0800200c9a66}(2)
[2008/07/15 18:39:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\mozilla\Firefox\Profiles\akq96bzx.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}(2)
[2009/07/22 11:54:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\mozilla\Firefox\Profiles\akq96bzx.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2009/07/23 00:24:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\mozilla\Firefox\Profiles\akq96bzx.default\extensions\{70df8d13-bdd3-448e-944c-efde21b77161}
[2009/10/15 09:35:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\mozilla\Firefox\Profiles\akq96bzx.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008/07/15 18:39:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\mozilla\Firefox\Profiles\akq96bzx.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2008/07/15 18:39:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\mozilla\Firefox\Profiles\akq96bzx.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(3)
[2009/07/21 16:21:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\mozilla\Firefox\Profiles\akq96bzx.default\extensions\{96a87ade-09f2-4c12-b82e-9eaa4e41d124}
[2009/09/20 20:46:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\mozilla\Firefox\Profiles\akq96bzx.default\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}
[2008/07/15 18:39:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\mozilla\Firefox\Profiles\akq96bzx.default\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}(2)
[2009/08/05 12:01:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\mozilla\Firefox\Profiles\akq96bzx.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2009/03/12 21:42:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\mozilla\Firefox\Profiles\akq96bzx.default\extensions\{cf15270e-cf08-4def-b4ea-6a5ac23f3bca}
[2009/09/26 15:45:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\mozilla\Firefox\Profiles\akq96bzx.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2008/07/15 18:39:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\mozilla\Firefox\Profiles\akq96bzx.default\extensions\{f9e9aa30-1842-11db-ac5d-0800200c9a66}(2)
[2009/07/26 00:56:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\mozilla\Firefox\Profiles\akq96bzx.default\extensions\[email protected]
[2009/08/05 12:01:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\mozilla\Firefox\Profiles\akq96bzx.default\extensions\[email protected]
[2009/06/04 16:06:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\mozilla\Firefox\Profiles\akq96bzx.default\extensions\[email protected]
[2009/08/26 08:17:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\mozilla\Firefox\Profiles\akq96bzx.default\extensions\[email protected]
[2009/09/20 20:46:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\mozilla\Firefox\Profiles\akq96bzx.default\extensions\[email protected]
[2009/07/07 01:15:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\mozilla\Firefox\Profiles\akq96bzx.default\extensions\[email protected]
[2009/07/07 01:15:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\mozilla\Firefox\Profiles\akq96bzx.default\extensions\[email protected]
[2009/07/10 23:13:49 | 00,002,102 | ---- | M] () -- C:\Documents and Settings\Winter Dream Machine\Application Data\Mozilla\FireFox\Profiles\akq96bzx.default\searchplugins\dreamstime-search.xml
[2009/10/15 09:36:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/10 12:41:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/22 17:01:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008/07/30 01:11:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/04/09 01:53:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/09/10 12:41:12 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/10 12:41:12 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/01 16:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2009/01/16 20:17:04 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2008/09/03 19:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009/04/09 01:53:14 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/12 13:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/02/06 12:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/09/10 12:41:15 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/27 12:56:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/27 12:56:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/27 12:56:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/27 12:56:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/27 12:56:57 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/27 12:56:57 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/27 12:56:57 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/10/15 21:10:51 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2009/05/01 16:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/07/15 13:10:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/15 13:10:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/15 13:10:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/15 13:10:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/15 13:10:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/15 13:10:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/15 13:10:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS4\contributeieplugin.dll (Adobe Systems Incorporated.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS4\contributeieplugin.dll (Adobe Systems Incorporated.)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LXCFCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.DLL ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe ()
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Winter Dream Machine\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Winter Dream Machine\Start Menu\Programs\Startup\HighRollerNotifier.lnk = C:\Documents and Settings\Winter Dream Machine\Desktop\EXE Files\HighRollerNotifier.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: quickrewards.net ([images] http in Trusted sites)
O15 - HKCU\..Trusted Domains: quickrewards.net ([www2] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1215706608750 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/10 08:05:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/09/16 16:26:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Brainiversity2
[2009/10/14 22:44:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2009/09/25 19:44:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SOS
[2009/09/16 15:50:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sprouts Adventure
[2009/10/03 00:37:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Winter Dream Machine\Application Data\casanova
[2009/10/09 09:27:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Winter Dream Machine\Application Data\ElementalsTheMagicKey
[2009/10/09 09:00:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Enki Games
[2009/09/21 08:26:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Winter Dream Machine\Application Data\ERS G-Studio
[2009/10/13 16:41:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Evoly
[2009/09/29 12:53:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Winter Dream Machine\Application Data\FileZilla
[2009/09/30 22:52:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Freezetag
[2009/09/15 18:25:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Winter Dream Machine\Application Data\GraveyardShift
[2009/10/15 00:44:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Winter Dream Machine\Application Data\KlickTock
[2009/10/03 00:32:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Magic Academy 2
[2009/09/18 23:36:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Winter Dream Machine\Application Data\MonteCristo2
[2009/10/11 00:32:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Ph03nixNewMedia
[2009/09/16 22:41:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Winter Dream Machine\Local Settings\Application Data\Electronic Arts
[2009/09/15 17:34:03 | 00,000,000 | ---D | C] -- C:\Program Files\AdnanBoy
[2009/09/24 08:10:43 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2009/10/13 09:32:24 | 00,000,000 | ---D | C] -- C:\Program Files\Agatha Christie - Dead Mans Folly
[2009/09/15 23:52:42 | 00,000,000 | ---D | C] -- C:\Program Files\Brainiversity 2
[2009/10/14 22:40:11 | 00,000,000 | ---D | C] -- C:\Program Files\Campfire Legends The Hookman
[2009/10/10 17:27:06 | 00,000,000 | ---D | C] -- C:\Program Files\Curse of the Pharaoh - Tears of Sekhmet
[2009/09/29 12:52:53 | 00,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2009/09/24 23:49:51 | 00,000,000 | ---D | C] -- C:\Program Files\Joes Garden
[2009/10/07 14:40:34 | 00,000,000 | ---D | C] -- C:\Program Files\Machinarium
[2009/09/20 23:29:32 | 00,000,000 | ---D | C] -- C:\Program Files\Paradise Beach
[2009/10/09 09:10:30 | 00,000,000 | ---D | C] -- C:\Program Files\Playrix Entertainment
[2009/10/07 17:25:43 | 00,000,000 | ---D | C] -- C:\Program Files\Samorost2
[2009/10/13 09:34:55 | 00,000,000 | ---D | C] -- C:\Program Files\Trymedia
[2009/10/15 11:42:36 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Winter Dream Machine\Desktop\OTL.exe
[2009/10/15 03:46:53 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/15 03:45:28 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/15 03:45:28 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/15 03:45:28 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/15 03:45:28 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/15 03:45:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/15 03:43:16 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/15 03:02:41 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Winter Dream Machine\Desktop\TFC.exe
[2009/10/14 22:40:32 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009/10/14 09:05:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Campfire Legends The Hookman
[2009/10/13 09:32:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\Agatha Christie - Dead Mans Folly
[2009/10/10 17:27:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\Curse of the Pharaoh - Tears of Sekhmet
[2009/10/10 11:36:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Winter Dream Machine\My Documents\Fishdom Spooky Splash
[2009/10/02 12:31:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Winter Dream Machine\My Documents\Recipies
[2009/10/02 08:37:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2009/10/02 08:37:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2009/10/02 08:37:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2009/10/02 08:37:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2009/10/02 08:37:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2009/10/02 08:37:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2009/10/02 08:37:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2009/10/02 08:37:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2009/10/02 08:37:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2009/10/02 08:37:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2009/10/02 08:37:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2009/10/02 08:37:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2009/10/02 08:37:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2009/10/02 08:37:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2009/10/02 08:37:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2009/10/02 08:37:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2009/10/02 08:37:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2009/09/24 23:49:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\Joes Garden
[2009/09/20 23:29:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\Paradise Beach
[2009/09/17 23:16:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Winter Dream Machine\My Documents\Slingo Mystery Documents
[2009/09/16 22:41:06 | 00,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2009/09/15 23:52:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\Brainiversity 2
[2006/09/14 13:32:20 | 00,028,672 | R--- | C] ( ) -- C:\WINDOWS\System32\DivXGraphBuilderCallback.dll
[2005/07/25 14:31:30 | 01,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfserv.dll
[2005/07/25 14:27:22 | 00,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcflmpm.dll
[2005/07/25 14:26:58 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfcomm.dll
[2005/07/25 14:25:26 | 00,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfpplc.dll
[2005/07/25 14:24:46 | 00,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfcomc.dll
[2005/07/25 14:24:14 | 00,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfprox.dll
[2005/07/25 14:19:36 | 01,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcfusb1.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/10/15 11:42:36 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Winter Dream Machine\Desktop\OTL.exe
[2009/10/15 11:08:40 | 00,284,160 | ---- | M] () -- C:\Documents and Settings\Winter Dream Machine\Desktop\exeHelper.com
[2009/10/15 10:58:00 | 00,001,038 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-764733703-682003330-1003UA.job
[2009/10/15 08:58:13 | 00,002,393 | ---- | M] () -- C:\Documents and Settings\Winter Dream Machine\Desktop\Google Chrome.lnk
[2009/10/15 08:15:03 | 00,604,534 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/15 08:15:03 | 00,501,528 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/15 08:15:03 | 00,091,368 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/15 08:11:28 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/15 08:11:06 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/15 08:10:51 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/15 08:10:45 | 00,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2009/10/15 08:10:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/15 08:10:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/15 03:47:02 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/15 03:41:07 | 00,492,312 | ---- | M] () -- C:\Documents and Settings\Winter Dream Machine\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/15 03:39:17 | 03,339,138 | R--- | M] () -- C:\Documents and Settings\Winter Dream Machine\Desktop\Combo-Fix.exe
[2009/10/15 03:27:05 | 00,004,910 | ---- | M] () -- C:\Documents and Settings\Winter Dream Machine\Desktop\FixReg.reg
[2009/10/15 03:02:45 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Winter Dream Machine\Desktop\TFC.exe
[2009/10/14 23:58:01 | 00,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-764733703-682003330-1003Core.job
[2009/10/14 23:10:28 | 00,001,026 | ---- | M] () -- C:\Documents and Settings\Winter Dream Machine\Desktop\Shortcut to Campfire.exe.lnk
[2009/10/14 22:51:48 | 00,368,476 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/14 22:44:08 | 05,089,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/14 09:19:17 | 00,001,233 | ---- | M] () -- C:\Documents and Settings\Winter Dream Machine\Desktop\Shortcut to Little Things.exe.lnk
[2009/10/13 09:33:56 | 00,001,320 | ---- | M] () -- C:\Documents and Settings\Winter Dream Machine\Desktop\CasinoVE.lnk
[2009/10/13 09:32:32 | 00,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Agatha Christie - Dead Mans Folly.lnk
[2009/10/13 09:02:31 | 00,001,900 | ---- | M] () -- C:\Documents and Settings\Winter Dream Machine\Desktop\Trivial Pursuit Family Edition.lnk
[2009/10/12 10:42:30 | 00,000,032 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2009/10/11 22:50:52 | 00,065,024 | ---- | M] () -- C:\Documents and Settings\Winter Dream Machine\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/10/10 17:27:14 | 00,002,044 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Curse of the Pharaoh - Tears of Sekhmet.lnk
[2009/10/10 14:13:15 | 00,000,004 | ---- | M] () -- C:\Documents and Settings\Winter Dream Machine\Application Data\2gomokaz43xbo2lkic5alqfkfbx3scsgbtuf7glnjra332kfz8jin6tk38ksk6y5bsjka72gomo
[2009/10/10 12:17:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/09 20:05:45 | 00,001,303 | ---- | M] () -- C:\Documents and Settings\Winter Dream Machine\Desktop\Plants Vs Zombies.lnk
[2009/10/08 14:28:10 | 00,002,020 | ---- | M] () -- C:\Documents and Settings\Winter Dream Machine\Desktop\Alabama Smith in the Quest of Fate.lnk
[2009/10/08 09:02:26 | 00,001,806 | ---- | M] () -- C:\Documents and Settings\Winter Dream Machine\Desktop\Zombie Bowl-O-Rama.lnk
[2009/10/07 23:40:59 | 02,648,532 | -H-- | M] () -- C:\Documents and Settings\Winter Dream Machine\Local Settings\Application Data\IconCache.db
[2009/10/07 13:48:06 | 00,001,776 | ---- | M] () -- C:\Documents and Settings\Winter Dream Machine\Desktop\Ghost Town Mysteries Bodie.lnk
[2009/10/06 10:10:59 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/10/04 15:36:35 | 00,001,731 | ---- | M] () -- C:\Documents and Settings\Winter Dream Machine\Desktop\Fishdom Spooky Splash.lnk
[2009/10/03 00:27:44 | 00,001,898 | ---- | M] () -- C:\Documents and Settings\Winter Dream Machine\Desktop\Insider Tales The Secret Of Casanova .lnk
[2009/10/02 13:01:57 | 25,198,016 | ---- | M] () -- C:\WINDOWS\System32\MRT.exe
[2009/09/30 22:48:59 | 00,001,710 | ---- | M] () -- C:\Documents and Settings\Winter Dream Machine\Desktop\Gardenscapes.lnk
[2009/09/29 12:53:01 | 00,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
[2009/09/27 01:37:47 | 00,001,820 | ---- | M] () -- C:\Documents and Settings\Winter Dream Machine\Desktop\Vampire Saga Pandoras Box.lnk
[2009/09/24 23:48:46 | 00,001,751 | ---- | M] () -- C:\Documents and Settings\Winter Dream Machine\Desktop\Kitchen Brigade.lnk
[2009/09/24 08:10:44 | 00,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Media Player.lnk
[2009/09/17 22:55:47 | 00,001,735 | ---- | M] () -- C:\Documents and Settings\Winter Dream Machine\Desktop\Slingo Mystery.lnk
[2009/09/16 22:42:52 | 00,001,129 | ---- | M] () -- C:\Documents and Settings\Winter Dream Machine\Desktop\Littlest Pet Shop.lnk
[2009/09/16 22:41:06 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2009/09/15 23:52:44 | 00,001,660 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Brainiversity 2.lnk

========== Files - No Company Name ==========
[2009/10/15 11:08:39 | 00,284,160 | ---- | C] () -- C:\Documents and Settings\Winter Dream Machine\Desktop\exeHelper.com
[2009/10/15 03:47:02 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/10/15 03:46:57 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/15 03:45:28 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/15 03:45:28 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/15 03:45:28 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/15 03:45:28 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/15 03:39:07 | 03,339,138 | R--- | C] () -- C:\Documents and Settings\Winter Dream Machine\Desktop\Combo-Fix.exe
[2009/10/15 03:27:05 | 00,004,910 | ---- | C] () -- C:\Documents and Settings\Winter Dream Machine\Desktop\FixReg.reg
[2009/10/14 23:10:28 | 00,001,026 | ---- | C] () -- C:\Documents and Settings\Winter Dream Machine\Desktop\Shortcut to Campfire.exe.lnk
[2009/10/14 09:19:17 | 00,001,233 | ---- | C] () -- C:\Documents and Settings\Winter Dream Machine\Desktop\Shortcut to Little Things.exe.lnk
[2009/10/13 09:33:56 | 00,001,320 | ---- | C] () -- C:\Documents and Settings\Winter Dream Machine\Desktop\CasinoVE.lnk
[2009/10/13 09:32:32 | 00,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Agatha Christie - Dead Mans Folly.lnk
[2009/10/13 09:02:31 | 00,001,900 | ---- | C] () -- C:\Documents and Settings\Winter Dream Machine\Desktop\Trivial Pursuit Family Edition.lnk
[2009/10/10 17:27:14 | 00,002,044 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Curse of the Pharaoh - Tears of Sekhmet.lnk
[2009/10/09 20:05:45 | 00,001,303 | ---- | C] () -- C:\Documents and Settings\Winter Dream Machine\Desktop\Plants Vs Zombies.lnk
[2009/10/09 09:28:32 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\Winter Dream Machine\Application Data\2gomokaz43xbo2lkic5alqfkfbx3scsgbtuf7glnjra332kfz8jin6tk38ksk6y5bsjka72gomo
[2009/10/08 14:28:10 | 00,002,020 | ---- | C] () -- C:\Documents and Settings\Winter Dream Machine\Desktop\Alabama Smith in the Quest of Fate.lnk
[2009/10/08 09:02:26 | 00,001,806 | ---- | C] () -- C:\Documents and Settings\Winter Dream Machine\Desktop\Zombie Bowl-O-Rama.lnk
[2009/10/07 13:48:06 | 00,001,776 | ---- | C] () -- C:\Documents and Settings\Winter Dream Machine\Desktop\Ghost Town Mysteries Bodie.lnk
[2009/10/04 15:36:35 | 00,001,731 | ---- | C] () -- C:\Documents and Settings\Winter Dream Machine\Desktop\Fishdom Spooky Splash.lnk
[2009/10/03 00:27:44 | 00,001,898 | ---- | C] () -- C:\Documents and Settings\Winter Dream Machine\Desktop\Insider Tales The Secret Of Casanova .lnk
[2009/10/02 08:37:38 | 00,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job
[2009/09/30 22:48:59 | 00,001,710 | ---- | C] () -- C:\Documents and Settings\Winter Dream Machine\Desktop\Gardenscapes.lnk
[2009/09/29 12:53:01 | 00,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
[2009/09/27 01:37:47 | 00,001,820 | ---- | C] () -- C:\Documents and Settings\Winter Dream Machine\Desktop\Vampire Saga Pandoras Box.lnk
[2009/09/24 23:48:46 | 00,001,751 | ---- | C] () -- C:\Documents and Settings\Winter Dream Machine\Desktop\Kitchen Brigade.lnk
[2009/09/24 08:10:44 | 00,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Media Player.lnk
[2009/09/17 22:55:47 | 00,001,735 | ---- | C] () -- C:\Documents and Settings\Winter Dream Machine\Desktop\Slingo Mystery.lnk
[2009/09/16 22:42:52 | 00,001,129 | ---- | C] () -- C:\Documents and Settings\Winter Dream Machine\Desktop\Littlest Pet Shop.lnk
[2009/09/15 23:52:44 | 00,001,660 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Brainiversity 2.lnk
[2009/08/29 20:43:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ResortingToDanger.INI
[2009/08/14 11:23:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2009/08/12 14:41:41 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/08/12 14:21:30 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2009/08/11 15:55:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Curses.INI
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/10 04:44:46 | 00,000,576 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\afl.log
[2009/03/20 12:01:46 | 00,000,467 | ---- | C] () -- C:\WINDOWS\Ffpsettings.ini
[2009/03/03 19:14:03 | 12,451,528 | ---- | C] () -- C:\Program Files\Adobe CS4 Master Collection.zip
[2009/02/25 15:01:46 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Winter Dream Machine\Local Settings\Application Data\PUTTY.RND
[2009/02/23 16:44:00 | 00,000,203 | ---- | C] () -- C:\WINDOWS\CABBAGE.INI
[2009/02/13 23:28:36 | 00,011,640 | ---- | C] () -- C:\Documents and Settings\Winter Dream Machine\Local Settings\Application Data\slot1.mm1
[2008/12/03 10:18:57 | 00,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[2008/10/29 19:57:51 | 00,000,044 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\{3D55D1F4-1059-11DC-B281-197056D89593}
[2008/10/21 14:22:09 | 00,000,228 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/10/06 22:32:27 | 00,007,517 | ---- | C] () -- C:\Program Files\winter.xml
[2008/09/04 09:40:47 | 00,000,271 | ---- | C] () -- C:\WINDOWS\SysMech.INI
[2008/08/13 10:38:19 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\B11gUSB.dll
[2008/08/13 10:38:18 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/07/16 11:28:39 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2008/07/15 21:41:32 | 00,890,953 | ---- | C] () -- C:\WINDOWS\Txtis.ini
[2008/07/15 21:28:45 | 00,890,953 | ---- | C] () -- C:\WINDOWS\Spr.ini
[2008/07/15 21:23:56 | 00,890,953 | ---- | C] () -- C:\WINDOWS\otto.ini
[2008/07/15 20:48:32 | 00,001,772 | ---- | C] () -- C:\WINDOWS\BlacBox2.INI
[2008/07/15 20:40:35 | 00,065,024 | ---- | C] () -- C:\Documents and Settings\Winter Dream Machine\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/10 18:51:19 | 00,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/07/10 18:51:19 | 00,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/07/10 18:50:55 | 00,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/07/10 18:50:54 | 00,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/07/10 18:50:53 | 00,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/07/10 14:01:47 | 02,116,008 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2008/07/10 13:58:11 | 00,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2008/07/10 13:15:56 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/10 12:49:13 | 00,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/07/10 12:49:13 | 00,000,084 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/07/10 12:44:49 | 00,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2008/07/10 12:44:49 | 00,012,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2008/07/10 12:44:47 | 00,012,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2008/07/10 12:44:47 | 00,010,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2008/07/10 11:51:47 | 00,200,704 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll
[2008/07/10 11:50:57 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/07/10 11:50:56 | 00,009,418 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/07/10 11:50:38 | 00,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/07/10 11:13:52 | 00,007,572 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/07/10 11:13:52 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\2ADE3DE07D.sys
[2008/07/10 11:13:51 | 00,492,312 | ---- | C] () -- C:\Documents and Settings\Winter Dream Machine\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/07/10 09:52:04 | 02,648,532 | -H-- | C] () -- C:\Documents and Settings\Winter Dream Machine\Local Settings\Application Data\IconCache.db
[2008/07/10 08:37:21 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Winter Dream Machine\Application Data\desktop.ini
[2008/07/09 17:34:26 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/06/25 13:13:56 | 00,509,208 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2007/02/20 11:22:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/17 01:36:50 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/17 01:36:50 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/07/07 04:12:28 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcfvs.dll
[2004/08/12 08:33:16 | 00,000,507 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/12 08:30:36 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/02/10 15:08:00 | 00,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2002/11/13 15:40:22 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[2000/04/12 10:23:18 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[1997/09/30 09:29:10 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL

========== LOP Check ==========

[2009/10/14 22:44:27 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/06/27 12:59:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/10/07 08:40:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{A047F26D-4602-4aaf-ACE7-F6F2ECEC34F9}
[2009/08/19 17:52:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3 Blokes Studios
[2009/05/26 00:42:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3rd Eye Solutions
[2008/12/21 23:12:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdventureChronicles1
[2009/10/05 16:33:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2009/09/04 17:53:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2008/12/12 17:36:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ALM
[2008/10/15 18:31:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Arkadium
[2009/07/23 17:05:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artist Colony
[2008/09/15 15:51:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astar Games
[2009/09/01 15:50:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Awem
[2009/02/13 01:15:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Black Blob Studios
[2009/08/25 15:26:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
[2009/09/16 16:34:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brainiversity2
[2009/08/09 18:10:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Candy Factory
[2009/08/12 11:37:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\cerasus.media
[2008/07/10 11:07:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Corel
[2009/06/25 08:05:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\cupcakecafe
[2009/09/14 13:37:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DivoGames
[2008/09/27 15:08:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA
[2009/09/07 18:17:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeFromParadise2
[2008/12/24 21:24:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum
[2008/09/18 17:57:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
[2009/05/26 23:09:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fashion Finder
[2008/09/08 10:34:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fitn17
[2009/10/11 13:14:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/10/13 09:44:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2009/02/08 04:17:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FloodLightGames
[2008/09/08 10:09:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2009/09/25 00:02:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2009/08/25 10:29:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\game_fillup_v2_usa
[2008/10/12 00:04:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2009/07/06 20:43:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamers Digital
[2009/06/09 02:00:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GAMESHASTRA
[2009/07/30 00:59:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
[2008/10/02 10:51:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2008/12/29 18:28:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii Games
[2009/02/05 19:38:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gold Casual Games
[2008/07/16 01:40:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GraphicsDesk
[2008/11/03 21:30:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grey Alien Games
[2008/07/16 01:41:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hemera
[2009/09/03 23:24:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2009/02/02 19:57:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HoverBee Studios
[2009/06/25 00:17:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IntDreams
[2009/01/30 17:54:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2009/10/12 00:21:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/11/04 21:05:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
[2008/10/05 13:32:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2009/09/24 14:42:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2009/07/16 02:27:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Little Games Company
[2008/09/27 15:05:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2009/07/25 00:19:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mandragora
[2009/06/25 06:36:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mean Hamster
[2008/09/17 17:33:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Media Art
[2009/05/17 23:14:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Meridian93
[2009/09/15 09:39:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2008/10/07 08:44:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Metaplast Software
[2008/09/08 09:52:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MiniIT Games
[2008/10/23 21:39:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MissTeriTale2
[2009/01/13 16:26:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MonteCristo
[2009/10/08 12:47:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/09/27 21:10:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MysteryChronicles
[2009/09/16 23:00:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2008/09/04 17:16:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2009/05/01 20:24:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2008/12/02 02:39:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeptunesAdve
[2009/01/26 03:03:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nick Chase A Detective Story
[2009/02/11 20:45:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2009/08/02 11:21:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
[2009/09/14 13:11:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Once Upon a Time in Chicago
[2008/10/10 23:37:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PBGsavesDirectory
[2009/09/09 12:47:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008/12/17 02:46:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayPond
[2008/11/16 20:13:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2009/08/14 12:41:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
[2009/08/21 10:58:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Princess Isabella
[2009/04/06 00:06:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickClick
[2008/09/20 08:34:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Reflexive
[2008/11/08 19:05:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\rionix
[2008/07/10 12:54:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2009/08/22 15:01:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/05/15 17:12:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Slapdash Games
[2009/09/25 19:44:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SOS
[2008/09/30 09:26:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2009/09/16 16:07:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprouts Adventure
[2009/08/06 21:25:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
[2009/02/09 04:09:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2009/10/13 20:55:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/09/04 08:28:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheRace_dev
[2008/09/06 17:42:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2009/07/01 01:46:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UClick
[2008/10/07 08:40:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ukodukai Systems
[2009/02/09 19:21:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/09/15 18:40:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2009/01/20 21:28:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/04/08 16:30:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WotT
[2008/10/19 01:28:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/10/15 00:44:20 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data
[2009/04/26 23:13:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\3 Days Zoo Mystery
[2008/10/28 15:32:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Abra Academy2
[2009/07/08 14:38:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Aisle 5 Games, Inc
[2008/10/29 20:01:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\AJ SQUARE INC
[2008/09/07 18:07:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Alawar
[2009/04/13 14:51:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Alien Skin
[2008/10/26 10:39:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\AlterLab
[2009/08/19 00:14:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\AlwaysNeat
[2008/09/08 14:29:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Amaranth Games
[2008/11/27 19:39:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\AMPSoft
[2008/12/07 14:48:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Anabel
[2009/01/02 12:22:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Ancient Quest of Saqqarah__bfg
[2009/08/12 12:42:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Artifex Mundi
[2009/05/29 02:38:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Artogon
[2009/04/21 23:33:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Azuaz Games
[2008/10/15 22:12:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\BeachPartyCraze
[2008/10/28 00:09:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Beanbag Studios
[2009/09/05 17:28:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Big Fish Games
[2009/10/12 22:32:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\BitTorrent
[2009/08/25 15:26:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\blg
[2009/05/17 20:21:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\BloodTies
[2009/02/07 04:26:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Boolat Games
[2009/03/01 23:44:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\BrandX Games
[2009/08/30 00:39:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Camel101
[2009/10/03 00:37:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\casanova
[2008/10/29 18:41:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\CatmoonGames
[2008/12/22 02:47:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Cat's Eye Games
[2009/08/12 11:37:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\cerasus.media
[2008/11/03 18:29:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Clockwork Rhino
[2009/03/07 22:36:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\CobiMobi
[2008/08/21 11:42:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/10/05 14:51:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\CoreFTP
[2009/09/14 17:59:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Corel
[2009/02/02 17:37:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Coyotes Tale
[2009/08/03 23:14:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Crayon Physics Deluxe
[2009/09/06 09:38:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\DivoGames
[2009/02/16 23:06:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\DNA
[2008/10/17 08:30:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Dragon Altar Games
[2008/10/07 08:48:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Dream Farm Games
[2009/01/28 01:56:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Dreamsdwell Stories
[2008/09/11 15:03:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Dress Up Rush
[2008/09/03 16:22:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\EA
[2008/10/05 15:34:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\EleFun Games
[2009/10/09 14:33:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\ElementalsTheMagicKey
[2009/05/15 13:49:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Enchanted Katya
[2008/10/18 20:30:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\EnchantedCavern
[2009/10/09 09:00:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Enki Games
[2009/06/25 20:01:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Enlightenus
[2009/06/10 21:05:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Enlightenus1Beta
[2009/10/01 08:06:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\ERS G-Studio
[2009/10/13 16:41:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Evoly
[2009/02/09 04:40:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\eXPert PDF 6
[2008/11/14 22:33:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Fabulous Finds
[2009/07/07 01:30:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Faerie Solitaire
[2009/03/10 23:49:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\FairyTale
[2009/10/03 14:43:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\FileZilla
[2009/03/08 15:15:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\FireShot
[2008/11/05 18:57:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\FirstColony
[2009/10/13 09:44:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Flood Light Games
[2009/02/08 04:17:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\FloodLightGames
[2009/05/02 02:41:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\ForgottenRiddles
[2008/10/11 20:55:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\ForgottenRiddles2
[2009/10/02 12:03:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Freezetag
[2008/12/19 21:07:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Friday's games
[2009/09/17 23:16:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\funkitron
[2008/09/17 10:25:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\FussyLogic
[2008/10/24 21:45:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Gaijin Ent
[2009/08/25 11:26:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\GameHouse
[2008/10/06 19:36:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\GameInvest
[2008/11/11 22:06:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Gamelab
[2009/07/06 20:43:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Gamers Digital
[2009/07/12 00:38:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Games
[2009/06/09 02:00:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\GAMESHASTRA
[2008/10/18 20:15:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Genimo
[2008/12/29 18:28:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Gogii Games
[2008/09/06 17:43:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Go-Go Gourmet Chef of the Year
[2008/12/24 22:46:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\GOL_byHasbro
[2009/02/05 19:38:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Gold Casual Games
[2009/09/15 18:25:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\GraveyardShift
[2009/08/25 22:38:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\HdO Adventure
[2008/07/16 01:41:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Hemera
[2009/04/19 00:13:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\HiT-MM
[2008/10/02 09:30:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Home Sweet Home 2
[2009/08/18 14:45:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Hoyle FaceCreator
[2009/08/18 14:59:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Hoyle Puzzle and Board Games
[2009/09/25 00:35:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\HSA
[2009/09/21 08:24:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\iolo
[2009/05/04 23:20:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\IronCode
[2009/01/26 14:58:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Island
[2009/08/30 01:04:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\iWin
[2008/07/15 16:03:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Jasc
[2008/12/16 00:29:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Jetsetter
[2008/10/02 21:56:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\JoyBits
[2009/10/15 00:44:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\KlickTock
[2009/07/16 02:27:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Little Games Company
[2009/09/04 17:59:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Little Noir Stories
[2009/02/09 02:59:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\LogoMaker
[2008/09/27 15:05:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Ludia
[2009/08/20 15:53:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\MA
[2009/01/12 01:17:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Magic Academy
[2009/10/03 00:32:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Magic Academy 2
[2008/09/20 14:28:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Magic Seeds
[2009/08/17 12:48:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\MBT
[2009/06/25 06:36:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Mean Hamster
[2009/07/02 17:56:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Meridian93
[2009/09/15 09:39:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Merscom
[2008/09/08 09:52:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\MiniIT Games
[2009/09/18 23:36:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\MonteCristo2
[2009/10/01 05:16:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Move Networks
[2008/10/18 19:40:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\My Games
[2009/01/17 09:40:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\MysteryStudio
[2008/12/24 00:21:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Mysteryville2
[2009/02/11 20:46:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Nitro PDF
[2009/08/02 11:21:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Oberon Games
[2009/09/14 13:12:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Once Upon a Time in Chicago
[2009/02/16 13:35:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\OpenOffice.org
[2008/08/17 18:00:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Opera
[2008/10/14 20:43:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\panoramik
[2009/08/12 12:24:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Peace Craft
[2009/06/25 07:32:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\PetRush
[2009/01/04 18:40:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\PetShowCraze
[2009/10/11 00:32:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Ph03nixNewMedia
[2008/10/08 19:27:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Pi Eye Games
[2008/11/20 22:36:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Pirateville
[2009/07/06 21:57:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\pixelStorm
[2009/09/09 12:47:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\PlayFirst
[2009/10/10 10:59:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Playrix Entertainment
[2009/08/14 12:41:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\PoBros
[2009/01/27 20:26:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Pogo Games
[2008/09/27 01:53:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Reflexive_JanesRealty
[2008/09/08 21:44:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Restorer
[2008/10/06 23:16:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Righteous Kill
[2009/01/26 05:02:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\RobinsonCrusoe
[2008/07/10 16:43:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Roxio
[2008/09/18 10:34:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Sahmon Games
[2009/09/14 15:08:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Sanna
[2008/11/11 23:19:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Sarah's Emergency Hospital
[2008/10/21 19:43:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\SecretIslandEng
[2009/03/01 02:22:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\SerpentOfIsis
[2009/06/02 01:45:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\SevenSails
[2008/12/02 02:25:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Shape games
[2009/08/01 16:42:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\she_is_a_shadow
[2008/10/01 21:11:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Skip-Bo
[2009/02/09 14:29:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Skunk Studios
[2009/05/12 15:51:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Smilebox
[2008/11/19 03:17:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\SpinTop Games
[2009/07/01 06:24:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\SprillBermudeEng
[2009/08/28 23:19:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\SprillRichiEng
[2008/10/16 16:57:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\SultanofPersia
[2009/08/06 21:25:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\SulusGames
[2009/08/12 14:34:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\SystemRequirementsLab
[2009/05/29 13:23:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\TeamViewer
[2009/02/16 23:02:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Thinstall
[2009/08/19 22:16:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\TimeQuest
[2008/10/20 23:48:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\TMInc
[2009/03/20 23:59:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Total Eclipse
[2009/04/15 17:06:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2008/10/07 08:40:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Twilight Games
[2009/05/01 19:00:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Twintale Entertainment
[2009/03/04 11:23:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\U3
[2009/05/01 20:13:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Ubisoft
[2009/07/01 01:46:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\UClick
[2008/07/15 20:21:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Ulead Systems
[2008/10/14 23:40:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\URSE Games
[2009/09/15 18:40:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\Valusoft
[2009/09/01 23:24:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\VampireSaga
[2009/07/02 17:03:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\V-Games
[2008/09/20 17:47:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\ViquaSoft
[2009/01/20 21:29:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\WildTangent
[2009/07/16 00:48:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\YoudaGames
[2009/10/10 12:17:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/12 08:23:47 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/14 23:58:01 | 00,000,986 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-764733703-682003330-1003Core.job
[2009/10/15 10:58:00 | 00,001,038 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-764733703-682003330-1003UA.job
[2009/10/15 08:10:45 | 00,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2009/10/15 08:10:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

< End of report >



Extras.txt Report
=============================


OTL Extras logfile created on: 10/15/2009 11:44:26 AM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Winter Dream Machine\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.77% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 3500 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 36.76 Gb Free Space | 15.78% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 74.53 Gb Total Space | 11.26 Gb Free Space | 15.11% Space Free | Partition Type: NTFS

Computer Name: WINTER-6CD37065
Current User Name: Winter Dream Machine
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- (Veoh Networks)
"C:\Program Files\Conference\Conference.dll" = C:\Program Files\Conference\Conference.dll:*:Enabled:Audio/Video Conference -- (©2002-2007 Audio/Video Conference Software)
"C:\Program Files\CoreFTP\coreftp.exe" = C:\Program Files\CoreFTP\coreftp.exe:*:Enabled:Core FTP App -- (Core FTP)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Documents and Settings\Winter Dream Machine\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Winter Dream Machine\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe" = C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{081D00DF-35F0-4570-8037-3E289795928F}" = Nitro PDF Professional
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio EasyArchive
"{12665B01-3F3A-4433-B179-9D8E352D7547}" = Try Corel Snapfire muvee autoProducer add on
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17E14D89-3A9F-4706-9F9B-C2DFC7ABE94B}" = Corel Snapfire DVD Maker
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Giga Ethernet Utility
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus G
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{38DFF723-C0B1-44AB-A927-62EDB033908F}" = Belkin 54g USB Network Adapter
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{53F6E695-8BE1-4DB0-9896-643D031B63CA}_is1" = Quick Tab Change 2.0
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{73317C31-2B6E-4B88-9865-B97C1331A39D}" = PayPal Plug-In
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111715607}" = The Poppit! Show
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112930333}" = Lottso! Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113269180}" = Mahjong Garden Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114079860}" = Tri Peaks 2 Quest For The Ruby Ring
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114780403}" = Word Riot Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114917810}" = Escape the Museum
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115286387}" = Operation Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11562057}" = PICTUREKA! MUSEUM MAYHEM
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95264530-5A22-8E7E-FE9D-D63A927BCAEA}" = Adobe Media Player
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{AAC90D5F-B8B1-4A06-B888-F3A241124D0D}" = Roxio MyDVD Premier
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_913" = Adobe Acrobat 9.1.3 - CPSID_49522
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B047C9CE-1B9B-45A9-89A0-7E6F81C16FEF}" = Camtasia Studio 6
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C894366E-51C4-4162-BA82-ECBEFC1C2C61}" = PayPal Plug-In
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Premier
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}" = Corel Paint Shop Pro Photo XI
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F810C880-CBBC-4524-82C2-FA3D0AE48380}" = Hemera Photo Clip Art
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Adrianne Stone: Hidden Relics" = Adrianne Stone: Hidden Relics
"Age Of Oracles Taras Journey 1.00" = Age Of Oracles Taras Journey 1.00
"Alchemists Apprentice1.0" = Alchemists Apprentice
"Ancient Hearts And Spades_is1" = Ancient Hearts And Spades
"Ancient Quest of Saqqarah1.2" = Ancient Quest of Saqqarah
"Angela Young 2 Escape the Dreamscape 1.00" = Angela Young 2 Escape the Dreamscape 1.00
"Arthur's Kindergarten" = Arthur's Kindergarten
"Artist Colony 1.00" = Artist Colony 1.00
"AtcL2" = Attansic L2 Fast Ethernet Driver
"Autumn's Treasures The Jade Coin 1.00" = Autumn's Treasures The Jade Coin 1.00
"avast!" = avast! Antivirus
"Avenue Flo 1.00" = Avenue Flo 1.00
"Be Rich1.01" = Be Rich
"Be Richer1.0" = Be Richer
"Bejeweled Twist 1.0.3" = Bejeweled Twist 1.0.3
"BFGC" = Big Fish Games Client
"Blow Up" = Alien Skin Blow Up
"Bookworm Adventures 2 1.00" = Bookworm Adventures 2 1.00
"Bookworm Adventures Deluxe 1.00" = Bookworm Adventures Deluxe 1.00
"Bookworm Deluxe 1.00" = Bookworm Deluxe 1.00
"Brainiversity 21.0" = Brainiversity 2
"Build-a-lot 4 1.00" = Build-a-lot 4 1.00
"Cake Mania" = Cake Mania
"Cake Mania 2" = Cake Mania 2
"Cake Mania 31.000" = Cake Mania 3
"Cake Mania Main Street 1.00" = Cake Mania Main Street 1.00
"Call Of Atlantis" = Call Of Atlantis
"City Sights Seattle 1.00" = City Sights Seattle 1.00
"Cloaker Shadow_is1" = Cloaker Shadow
"Club Control 1.00" = Club Control 1.00
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Cooking Academy 2 World Cuisine1.0.1" = Cooking Academy 2 World Cuisine
"Core FTP LE 2.1" = Core FTP LE 2.1
"Cradle Of Rome ." = Cradle Of Rome .
"Crayon Physics Deluxe 1.00" = Crayon Physics Deluxe 1.00
"CuddlenCareDKey" = Cuddle 'n Care
"Curse of the Pharaoh - Napoleons Secret 1.00" = Curse of the Pharaoh - Napoleons Secret 1.00
"Delicious 2 deluxe" = Delicious 2 deluxe 1.0
"Delicious Emilys Taste of Fame 1.00" = Delicious Emilys Taste of Fame 1.00
"Delicious Emilys Tea Garden1.071" = Delicious Emilys Tea Garden
"Delicious Winter Edition Deluxe" = Delicious Winter Edition Deluxe 1.0
"Dell Photo Printer 720" = Dell Photo Printer 720
"Doras Carnival Adventure 1.00" = Doras Carnival Adventure 1.00
"Drawn The Painted Tower 1.00" = Drawn The Painted Tower 1.00
"dsbF1V1" = the flux collection
"Emerald City Confidential 1.00" = Emerald City Confidential 1.00
"Enchanted Katya Mystery of the Lost Wizard 1.00" = Enchanted Katya Mystery of the Lost Wizard 1.00
"Exposure" = Alien Skin Exposure
"Extensis Intellihance Pro 4.0" = Extensis Intellihance Pro 4.0
"Extensis Portfolio 4.0" = Extensis Portfolio 4.0
"Eye Candy 3" = Eye Candy 3
"Eye Candy 4000" = Eye Candy 4000
"EyeCandy5Impact" = Alien Skin Eye Candy 5 Impact
"EyeCandy5Nature" = Alien Skin Eye Candy 5 Nature
"EyeCandy5Textures" = Alien Skin Eye Candy 5 Textures
"Faerie Solitaire 1.00" = Faerie Solitaire 1.00
"FastFontPreview_is1" = FastFontPreview v2.1.0 FREEWARE
"Feeding Frenzy 2 1.00" = Feeding Frenzy 2 1.00
"FileZilla Client" = FileZilla Client 3.2.7.1
"Finding Doggy1.01" = Finding Doggy
"FishCo1.0" = FishCo
"Fishdom H2O Hidden Odyssey 1.00" = Fishdom H2O Hidden Odyssey 1.00
"Fishdom Spooky Splash 1.00" = Fishdom Spooky Splash 1.00
"Fishdom1.0" = Fishdom
"Flower Shop Big City Break 1.00" = Flower Shop Big City Break 1.00
"FP123" = Fisher-Price 1-2-3's
"G.H.O.S.T Chronicles - Phantom of the Renaissance Faire 1.00" = G.H.O.S.T Chronicles - Phantom of the Renaissance Faire 1.00
"Gardenscapes 1.00" = Gardenscapes 1.00
"Glyph 21.0" = Glyph 2
"Go-Go Gourmet 2 - Chef of the Year1.0" = Go-Go Gourmet 2 - Chef of the Year
"HDMI" = Intel® Graphics Media Accelerator Driver
"Hidden Magic 1.00" = Hidden Magic 1.00
"Hotel Mahjong Deluxe ." = Hotel Mahjong Deluxe .
"HourResetHiddenObjectives" = HourResetHiddenObjectives
"I Spy Spooky Mansion" = I Spy Spooky Mansion
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"iDream in Toons 1.0.8" = iDream in Toons 1.0.8
"ie8" = Windows Internet Explorer 8
"Image Doctor" = Alien Skin Image Doctor 1.0
"Insider Tales The Secret Of Casanova 1.00" = Insider Tales The Secret Of Casanova 1.00
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{F810C880-CBBC-4524-82C2-FA3D0AE48380}" = Hemera Photo Clip Art
"Joes Garden1.0" = Joes Garden
"Kelly Green Garden Queen1.0" = Kelly Green Garden Queen
"Keys to Manhattan 1.00" = Keys to Manhattan 1.00
"Kitchen Brigade 1.00" = Kitchen Brigade 1.00
"KPT 6" = KPT 6
"KPT Gel" = KPT Gel
"Kuros 1.00" = Kuros 1.00
"Larva Mortus v.1.01" = Larva Mortus v.1.01
"Lexmark 730 Series" = Lexmark 730 Series
"Little Shop Memories 1.0052" = Little Shop Memories 1.0052
"LogoMaker_is1" = LogoMaker 2.0
"Lost City of Aquatica 1.00" = Lost City of Aquatica 1.00
"Lost Realms Legacy of the Sun Princess1.0" = Lost Realms Legacy of the Sun Princess
"Luxor Quest for the Afterlife1.0" = Luxor Quest for the Afterlife
"Magic Farm Ultimate Flower 1.00" = Magic Farm Ultimate Flower 1.00
"Mahjong Ancient Mayas ." = Mahjong Ancient Mayas .
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mandragora ." = Mandragora .
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Miriels Enchanted Mystery 1.00" = Miriels Enchanted Mystery 1.00
"Monopoly - Build-a-Lot Edition1.0" = Monopoly - Build-a-Lot Edition
"Mortimer And Beckett And The Secrets Of Spooky Manor ." = Mortimer And Beckett And The Secrets Of Spooky Manor .
"Moxxies Tabloid Adventures 1.00" = Moxxies Tabloid Adventures 1.00
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"My Kingdom for the Princess 1.00" = My Kingdom for the Princess 1.00
"Mystic Emporium1.0" = Mystic Emporium
"Nanny Mania 2 Hollywood1.0" = Nanny Mania 2 Hollywood
"Nick Jr. Bingo 1.00" = Nick Jr. Bingo 1.00
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Paradise Beach1.0" = Paradise Beach
"Paradise Quest 1.00" = Paradise Quest 1.00
"Pictowords 1.00" = Pictowords 1.00
"Pizza Chef 1.00" = Pizza Chef 1.00
"PowerISO" = PowerISO
"PuppetShow Mystery of Joyville 1.00" = PuppetShow Mystery of Joyville 1.00
"RAYflect Four Seasons 1.0" = RAYflect Four Seasons 1.0
"Romance of Rome 1.00" = Romance of Rome 1.00
"Save Our Spirit 1.00" = Save Our Spirit 1.00
"SiteGrinder2" = Media Lab SiteGrinder 2 (Basic & Pro)
"SKIP BO Castaway Caper1.0" = SKIP BO Castaway Caper
"Slingo Mystery 1.00" = Slingo Mystery 1.00
"Slingo Supreme1.0" = Slingo Supreme
"Snap Art" = Alien Skin Snap Art
"Sunset Studio Love on the High Seas 1.00" = Sunset Studio Love on the High Seas 1.00
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 4" = TeamViewer 4
"Text Twist 2 1.00" = Text Twist 2 1.00
"The Black Box v2.10" = The Black Box v2.10
"The Conjurer 1.00" = The Conjurer 1.00
"The Game of Life 1.00" = The Game of Life 1.00
"Time Quest1.0" = Time Quest
"Trillian" = Trillian
"Vampire Saga Pandoras Box 1.00" = Vampire Saga Pandoras Box 1.00
"Way Of The Tangram 1.00" = Way Of The Tangram 1.00
"WebsiteLayoutMaker" = Uninstall Website Layout Maker
"WildTangent wildgames Master Uninstall" = WildGames
"WinAce Archiver" = WinAce Archiver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"Wizards Hat1.0" = Wizards Hat
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Word Whomp Underground 1.00" = Word Whomp Underground 1.00
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xenofex2" = Alien Skin Xenofex 2.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Youda Sushi Chef1.3.0.0" = Youda Sushi Chef
"Yumsters! 21.0" = Yumsters! 2
"Zulu's Zoo 1.00" = Zulu's Zoo 1.00

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe ConnectNow Add-in" = Adobe ConnectNow Add-in
"Audio/Video Conference" = Audio/Video Conference 4.2+
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.0.0.320
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Smilebox" = Hallmark Smilebox

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 10/5/2009 10:39:17 PM | Computer Name = WINTER-6CD37065 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://mail.google.c...V...sgimwdg&t=1
failed, 00000008.

Error - 10/5/2009 10:40:46 PM | Computer Name = WINTER-6CD37065 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://mail.google.c...mp;search=inbox
failed, 00000008.

Error - 10/5/2009 10:44:17 PM | Computer Name = WINTER-6CD37065 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://mail.google.c...V...2kxkl3e&t=1
failed, 00000008.

Error - 10/5/2009 10:45:48 PM | Computer Name = WINTER-6CD37065 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://mail.google.c...mp;search=inbox
failed, 00000008.

Error - 10/5/2009 10:49:17 PM | Computer Name = WINTER-6CD37065 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://mail.google.c...V...02vq7ei&t=1
failed, 00000008.

Error - 10/5/2009 10:50:50 PM | Computer Name = WINTER-6CD37065 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://mail.google.c...mp;search=inbox
failed, 00000008.

Error - 10/15/2009 4:13:44 AM | Computer Name = WINTER-6CD37065 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\iolo\System Mechanic\SysMech.exe failed, 00000005.

Error - 10/15/2009 9:07:58 AM | Computer Name = WINTER-6CD37065 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe failed, 00000005.

Error - 10/15/2009 9:11:24 AM | Computer Name = WINTER-6CD37065 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe failed, 00000005.

Error - 10/15/2009 12:47:13 PM | Computer Name = WINTER-6CD37065 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\System32\MRT.exe failed, 00000005.


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >



Root Repeal Log
==============================


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/15 11:51
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: catchme.sys
Image Path: C:\Combo-Fix\catchme.sys
Address: 0xA7CF6000 Size: 31744 File Visible: No Signed: -
Status: -

Name: Combo-Fix.sys
Image Path: Combo-Fix.sys
Address: 0xF7657000 Size: 60416 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA7E66000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A01000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PROCEXP90.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP90.SYS
Address: 0xF7999000 Size: 6464 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA7125000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: Volume I:\
Status: MBR Rootkit Detected!

Path: I:\System Volume Information\System Volume Information
Status: Invisible to the Windows API!

Path: I:\System Volume Information\Thumbs.db
Status: Invisible to the Windows API!

Path: I:\System Volume Information\Torrent downloaded from Demonoid.com.txt
Status: Invisible to the Windows API!

Path: I:\System Volume Information\Treasure-Map-Part-2.pdf
Status: Invisible to the Windows API!

Path: I:\System Volume Information\TreasureMaps
Status: Invisible to the Windows API!

Path: I:\System Volume Information\
Status: Invisible to the Windows API!

Path: I:\System Volume Information\MountPointManagerRemoteDatabase
Status: Visible to the Windows API, but not on disk.

Path: I:\System Volume Information\tracking.log
Status: Visible to the Windows API, but not on disk.

Path: I:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}
Status: Visible to the Windows API, but not on disk.

Path: I:\System Volume Information\_restore{8E6A317A-C1C8-4CAA-9077-7B2527FB483C}
Status: Visible to the Windows API, but not on disk.

Path: I:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}
Status: Visible to the Windows API, but not on disk.

Path: I:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}
Status: Visible to the Windows API, but not on disk.

Path: I:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}
Status: Visible to the Windows API, but not on disk.

Path: I:\TreasureMaps\Treasure-Map.pdf:ư
Status: Invisible to the Windows API!

Path: I:\TreasureMaps\Treasure-Map.pdf:Zone.Identifier
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa7eae6b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa7eae574

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa7eaea52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa7eae14c

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa7eae64e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa7eae08c

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa7eae0f0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa7eae76e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa7eae72e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa7eae8ae

==EOF==

#8
chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Hi,

1) OTL

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2009/10/15 03:27:05 | 00,004,910 | ---- | M] () -- C:\Documents and Settings\Winter Dream Machine\Desktop\FixReg.reg
    [2009/10/12 22:32:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Winter Dream Machine\Application Data\BitTorrent
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

2) Malwarebytes

Please download Malwarebytes' Anti-Malware from Here.

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3) JavaRa

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

4) Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.

In your reply I would like to see copied and pasted,

1) OTL fix log
2) Malwarebytes log
3) Kaspersky log


#9
icywhite2008

    Member

  • Topic Starter
  • 31 posts
Well I got as far as MBAM. I had MBAM installed on my computer already along with Avast which is what I use to keep my computer clean. I realized I had a problem when I tried to run MBAM and got the error that it couldn't access the device or file and maybe I didn't have permission.

I did run the OTL custom fix that you gave me and let the system reboot, and when trying to start MBAM I get this error: Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.

Should I uninstall and reinstall MBAM and Avast or would you like me to try something else before? Thanks so much for your continued help! I appreciate it SO much :)


OTL Log after Custom Fix
=============================

All processes killed
========== OTL ==========
C:\Documents and Settings\Winter Dream Machine\Desktop\FixReg.reg moved successfully.
C:\Documents and Settings\Winter Dream Machine\Application Data\BitTorrent moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 65536 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner

User: Winter Dream Machine
File delete failed. C:\Documents and Settings\Winter Dream Machine\Local Settings\Temp\~DFBEBB.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 118262 bytes
File delete failed. C:\Documents and Settings\Winter Dream Machine\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 814579 bytes
->Java cache emptied: 173364 bytes
File delete failed. C:\Documents and Settings\Winter Dream Machine\Local Settings\Application Data\Mozilla\Firefox\Profiles\akq96bzx.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Winter Dream Machine\Local Settings\Application Data\Mozilla\Firefox\Profiles\akq96bzx.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Winter Dream Machine\Local Settings\Application Data\Mozilla\Firefox\Profiles\akq96bzx.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Winter Dream Machine\Local Settings\Application Data\Mozilla\Firefox\Profiles\akq96bzx.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Winter Dream Machine\Local Settings\Application Data\Mozilla\Firefox\Profiles\akq96bzx.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
->FireFox cache emptied: 51221919 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 16411055 bytes

User: WINTER-6CD37065

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\unp43811276.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1b4.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7cc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 32768 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 65.71 mb


OTL by OldTimer - Version 3.0.21.0 log created on 10162009_113332

Files\Folders moved on Reboot...
C:\Documents and Settings\Winter Dream Machine\Local Settings\Temp\~DFBEBB.tmp moved successfully.
C:\Documents and Settings\Winter Dream Machine\Local Settings\Application Data\Mozilla\Firefox\Profiles\akq96bzx.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Winter Dream Machine\Local Settings\Application Data\Mozilla\Firefox\Profiles\akq96bzx.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Winter Dream Machine\Local Settings\Application Data\Mozilla\Firefox\Profiles\akq96bzx.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Winter Dream Machine\Local Settings\Application Data\Mozilla\Firefox\Profiles\akq96bzx.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Winter Dream Machine\Local Settings\Application Data\Mozilla\Firefox\Profiles\akq96bzx.default\urlclassifier3.sqlite moved successfully.
File\Folder C:\WINDOWS\temp\_avast4_\unp43811276.tmp not found!
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_1b4.dat moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_7cc.dat not found!

Registry entries deleted on Reboot...
  • 0

#10
icywhite2008

icywhite2008

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Should I go ahead and uninstall/reinstall MBAM since I'm still receiving the "Windows cannot access..." error? Is there another program or fix I should run again before attempting to reinstall MBAM, or would reinstalling even help the root issue?

Thanks again Chamber... just let me know what the next step is and I'll do that right away. :)
  • 0


#11
chamber

chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Sorry for the delay, yes, go ahead and uninstall and then reinstall.
  • 0

#12
icywhite2008

icywhite2008

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Talk about a loooooooong scan. Sorry for the delay! :)

OTL Report
==========================


All processes killed
========== OTL ==========
C:\Documents and Settings\Winter Dream Machine\Desktop\FixReg.reg moved successfully.
C:\Documents and Settings\Winter Dream Machine\Application Data\BitTorrent moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 65536 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner

User: Winter Dream Machine
File delete failed. C:\Documents and Settings\Winter Dream Machine\Local Settings\Temp\~DFBEBB.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 118262 bytes
File delete failed. C:\Documents and Settings\Winter Dream Machine\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 814579 bytes
->Java cache emptied: 173364 bytes
File delete failed. C:\Documents and Settings\Winter Dream Machine\Local Settings\Application Data\Mozilla\Firefox\Profiles\akq96bzx.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Winter Dream Machine\Local Settings\Application Data\Mozilla\Firefox\Profiles\akq96bzx.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Winter Dream Machine\Local Settings\Application Data\Mozilla\Firefox\Profiles\akq96bzx.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Winter Dream Machine\Local Settings\Application Data\Mozilla\Firefox\Profiles\akq96bzx.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Winter Dream Machine\Local Settings\Application Data\Mozilla\Firefox\Profiles\akq96bzx.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
->FireFox cache emptied: 51221919 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 16411055 bytes

User: WINTER-6CD37065

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\unp43811276.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1b4.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7cc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 32768 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 65.71 mb


OTL by OldTimer - Version 3.0.21.0 log created on 10162009_113332

Files\Folders moved on Reboot...
C:\Documents and Settings\Winter Dream Machine\Local Settings\Temp\~DFBEBB.tmp moved successfully.
C:\Documents and Settings\Winter Dream Machine\Local Settings\Application Data\Mozilla\Firefox\Profiles\akq96bzx.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Winter Dream Machine\Local Settings\Application Data\Mozilla\Firefox\Profiles\akq96bzx.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Winter Dream Machine\Local Settings\Application Data\Mozilla\Firefox\Profiles\akq96bzx.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Winter Dream Machine\Local Settings\Application Data\Mozilla\Firefox\Profiles\akq96bzx.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Winter Dream Machine\Local Settings\Application Data\Mozilla\Firefox\Profiles\akq96bzx.default\urlclassifier3.sqlite moved successfully.
File\Folder C:\WINDOWS\temp\_avast4_\unp43811276.tmp not found!
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_1b4.dat moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_7cc.dat not found!

Registry entries deleted on Reboot...



MBAM Scan Log
======================


Malwarebytes' Anti-Malware 1.41
Database version: 2987
Windows 5.1.2600 Service Pack 3

10/19/2009 8:42:10 AM
mbam-log-2009-10-19 (08-42-10).txt

Scan type: Quick Scan
Objects scanned: 109326
Time elapsed: 5 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Kaspersky Online Scan Report
==================================


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, October 21, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, October 20, 2009 18:33:06
Records in database: 3038552
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Objects scanned: 542805
Threats found: 5
Infected objects found: 30
Suspicious objects found: 0
Scan duration: 25:36:09


File name / Threat / Threats count
C:\Documents and Settings\Winter Dream Machine\My Documents\My Pictures\Graphics\Graphics Giveaway\Your_Great_Gifts.zip Infected: not-a-virus:Downloader.Win32.Agent.db 2
C:\Documents and Settings\Winter Dream Machine\My Documents\My Webs\eCoverAce\PLsecrets Products\PLR\Membership_Site_Manager\index.htm Infected: Trojan-Clicker.HTML.IFrame.aer 1
C:\Documents and Settings\Winter Dream Machine\My Documents\My Webs\eCoverAce\PLsecrets Products\PLR\Membership_Site_Manager\MembershipSiteManager-Rights.zip Infected: Trojan-Clicker.HTML.IFrame.aer 2
C:\Documents and Settings\Winter Dream Machine\My Documents\My Webs\eCoverAce\PLsecrets Products\PLR\Membership_Site_Manager\reprint-rights.htm Infected: Trojan-Clicker.HTML.IFrame.aer 1
C:\Documents and Settings\Winter Dream Machine\My Documents\My Webs\eCoverAce\PLsecrets Products\PLR\Membership_Site_Manager.zip Infected: Trojan-Clicker.HTML.IFrame.aer 4
C:\Documents and Settings\Winter Dream Machine\My Documents\My Webs\eCoverAce\PLsecrets Products\RR Products\products_11_to_20\products_11_to_20\easyebookmoneyreseller_14.zip Infected: not-a-virus:Downloader.Win32.Agent.db 2
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Affiliate Packs\Affiliate-PageMaker\APM.exe Infected: not-a-virus:Downloader.Win32.Agent.db 1
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Affiliate Packs\MRR_Affiliate_Success_Kit_affsk\Affiliate Success Kit\SqeezePageMaker.zip Infected: Trojan.Win32.Genome.auin 1
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Affiliate Packs\ZIPS\Affiliate-PageMaker_A-PM.zip Infected: not-a-virus:Downloader.Win32.Agent.db 1
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Affiliate Packs\ZIPS\MRR_Affiliate_Success_Kit_affsk.zip Infected: Trojan.Win32.Genome.auin 1
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Article Packs\MRR_Easy_Ebook_Monee.zip Infected: not-a-virus:Downloader.Win32.Agent.db 1
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\BR & PLR\Spa.zip Infected: not-a-virus:Downloader.Win32.Agent.db 1
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\MRR\EZMembershipSystem\Download\ezmembershipsystem\ezms\install instructions.htm Infected: Trojan-Clicker.HTML.IFrame.aer 1
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\MRR\EZMembershipSystem\Download\ezmembershipsystem.zip Infected: Trojan-Clicker.HTML.IFrame.aer 1
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\MRR\EZMembershipSystem\downloadpage.htm Infected: Trojan-Clicker.HTML.IFrame.aer 1
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\MRR\EZMembershipSystem\index.htm Infected: Trojan-Clicker.HTML.IFrame.aer 1
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\MRR\EZMembershipSystem.zip Infected: Trojan-Clicker.HTML.IFrame.aer 3
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\MRR & PLR\AffiliateSuccessKit.zip Infected: Trojan.Win32.Genome.auin 2
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\MRR & PLR\IWBT.zip Infected: Trojan.Win32.Genome.auin 1
C:\Qoobox\Quarantine\C\WINDOWS\msa.exe.vir Infected: Packed.Win32.Krap.ag 1
I:\Programs\114 Reflexive Arcade Games + KeyGen\Games\Platypus.exe Infected: Trojan-Clicker.Win32.VBiframe.afp 1

Selected area has been scanned.
  • 0

#13
chamber

chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
It's a long scan but it's worth it.

1) OTM

Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    
    :Services
    
    :Reg
    
    :Files
    C:\Documents and Settings\Winter Dream Machine\My Documents\My Pictures\Graphics\Graphics Giveaway
    C:\Documents and Settings\Winter Dream Machine\My Documents\My Webs\eCoverAce\PLsecrets Products\PLR\Membership_Site_Manager\index.htm 
    C:\Documents and Settings\Winter Dream Machine\My Documents\My Webs\eCoverAce\PLsecrets Products\PLR\Membership_Site_Manager\MembershipSiteManager-Rights.zip
    C:\Documents and Settings\Winter Dream Machine\My Documents\My Webs\eCoverAce\PLsecrets Products\PLR\Membership_Site_Manager\reprint-rights.htm
    C:\Documents and Settings\Winter Dream Machine\My Documents\My Webs\eCoverAce\PLsecrets Products\PLR\Membership_Site_Manager.zip
    C:\Documents and Settings\Winter Dream Machine\My Documents\My Webs\eCoverAce\PLsecrets Products\RR Products\products_11_to_20\products_11_to_20\easyebookmoneyreseller_14.zip
    C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Affiliate Packs\Affiliate-PageMaker\APM.exe
    C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Affiliate Packs\MRR_Affiliate_Success_Kit_affsk\Affiliate Success Kit\SqeezePageMaker.zip
    C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Affiliate Packs\ZIPS\Affiliate-PageMaker_A-PM.zip
    C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Affiliate Packs\ZIPS\MRR_Affiliate_Success_Kit_affsk.zip
    C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Article Packs\MRR_Easy_Ebook_Monee.zip
    C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\BR & PLR\Spa.zip
    C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\MRR\EZMembershipSystem\Download\ezmembershipsystem\ezms\install instructions.htm
    C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\MRR\EZMembershipSystem
    C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\MRR & PLR\AffiliateSuccessKit.zip
    C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\MRR & PLR\IWBT.zip
    I:\Programs\114 Reflexive Arcade Games + KeyGen\Games\Platypus.exe
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

2) Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

In your reply I would like to see copied and pasted,

1) OTM log
2) Security Check log

  • 0

#14
icywhite2008

icywhite2008

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Yes it was worth it :) My logs are below....

OTM Log
==================


All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\Winter Dream Machine\My Documents\My Pictures\Graphics\Graphics Giveaway moved successfully.
C:\Documents and Settings\Winter Dream Machine\My Documents\My Webs\eCoverAce\PLsecrets Products\PLR\Membership_Site_Manager\index.htm moved successfully.
C:\Documents and Settings\Winter Dream Machine\My Documents\My Webs\eCoverAce\PLsecrets Products\PLR\Membership_Site_Manager\MembershipSiteManager-Rights.zip moved successfully.
C:\Documents and Settings\Winter Dream Machine\My Documents\My Webs\eCoverAce\PLsecrets Products\PLR\Membership_Site_Manager\reprint-rights.htm moved successfully.
C:\Documents and Settings\Winter Dream Machine\My Documents\My Webs\eCoverAce\PLsecrets Products\PLR\Membership_Site_Manager.zip moved successfully.
C:\Documents and Settings\Winter Dream Machine\My Documents\My Webs\eCoverAce\PLsecrets Products\RR Products\products_11_to_20\products_11_to_20\easyebookmoneyreseller_14.zip moved successfully.
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Affiliate Packs\Affiliate-PageMaker\APM.exe moved successfully.
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Affiliate Packs\MRR_Affiliate_Success_Kit_affsk\Affiliate Success Kit\SqeezePageMaker.zip moved successfully.
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Affiliate Packs\ZIPS\Affiliate-PageMaker_A-PM.zip moved successfully.
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Affiliate Packs\ZIPS\MRR_Affiliate_Success_Kit_affsk.zip moved successfully.
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Article Packs\MRR_Easy_Ebook_Monee.zip moved successfully.
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\BR & PLR\Spa.zip moved successfully.
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\MRR\EZMembershipSystem\Download\ezmembershipsystem\ezms\install instructions.htm moved successfully.
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\MRR\EZMembershipSystem\images moved successfully.
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\MRR\EZMembershipSystem\Download\ezmembershipsystem\ezms\templates_c moved successfully.
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\MRR\EZMembershipSystem\Download\ezmembershipsystem\ezms\templates moved successfully.
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\MRR\EZMembershipSystem\Download\ezmembershipsystem\ezms\registration moved successfully.
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\MRR\EZMembershipSystem\Download\ezmembershipsystem\ezms\paypal moved successfully.
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\MRR\EZMembershipSystem\Download\ezmembershipsystem\ezms\members moved successfully.
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\MRR\EZMembershipSystem\Download\ezmembershipsystem\ezms\manager\templates_c moved successfully.
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\MRR\EZMembershipSystem\Download\ezmembershipsystem\ezms\manager\templates moved successfully.
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\MRR\EZMembershipSystem\Download\ezmembershipsystem\ezms\manager moved successfully.
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\MRR\EZMembershipSystem\Download\ezmembershipsystem\ezms\lib\plugins moved successfully.
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\MRR\EZMembershipSystem\Download\ezmembershipsystem\ezms\lib\internals moved successfully.
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\MRR\EZMembershipSystem\Download\ezmembershipsystem\ezms\lib moved successfully.
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\MRR\EZMembershipSystem\Download\ezmembershipsystem\ezms\js moved successfully.
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\MRR\EZMembershipSystem\Download\ezmembershipsystem\ezms\install\templates_c moved successfully.
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\MRR\EZMembershipSystem\Download\ezmembershipsystem\ezms\install\templates moved successfully.
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\MRR\EZMembershipSystem\Download\ezmembershipsystem\ezms\install moved successfully.
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\MRR\EZMembershipSystem\Download\ezmembershipsystem\ezms\images moved successfully.
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\MRR\EZMembershipSystem\Download\ezmembershipsystem\ezms\css moved successfully.
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\MRR\EZMembershipSystem\Download\ezmembershipsystem\ezms moved successfully.
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\MRR\EZMembershipSystem\Download\ezmembershipsystem moved successfully.
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\MRR\EZMembershipSystem\Download moved successfully.
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\MRR\EZMembershipSystem moved successfully.
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\MRR & PLR\AffiliateSuccessKit.zip moved successfully.
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\MRR & PLR\IWBT.zip moved successfully.
I:\Programs\114 Reflexive Arcade Games + KeyGen\Games\Platypus.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner

User: Winter Dream Machine
->Temp folder emptied: 87029864 bytes
->Temporary Internet Files folder emptied: 3147019 bytes
->Java cache emptied: 25621453 bytes
->FireFox cache emptied: 41946847 bytes
->Google Chrome cache emptied: 62048096 bytes
->Apple Safari cache emptied: 46847046 bytes

User: WINTER-6CD37065

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7f8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 66337 bytes
RecycleBin emptied: 531631241 bytes

Total Files Cleaned = 761.48 mb


OTM by OldTimer - Version 3.0.0.6 log created on 10222009_082207

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_7f8.dat not found!

Registry entries deleted on Reboot...



Security Check Log
============================


Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Antivirus
HourResetHiddenObjectives
iolo technologies' System Mechanic
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:

I Spy Spooky Mansion
Java™ 6 Update 16
Adobe Flash Player 10
Adobe Reader 9.1.3
``````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast4 aswUpdSv.exe
Alwil Software Avast4 ashServ.exe
Alwil Software Avast4 ashDisp.exe
Alwil Software Avast4 ashMaiSv.exe
Alwil Software Avast4 ashWebSv.exe
iolo common lib ioloServiceManager.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````
  • 0
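
An added example, not part of the original thread or of any tool used in it: a Python check that cross-references the Kaspersky detections against the OTM move log, so a detection that was never moved stands out. The sample lines are excerpted from the two logs posted above; the function names and the regular expressions for the log layouts are assumptions made for this example.

```python
import re
from pathlib import PureWindowsPath

# Lines excerpted from the Kaspersky report and the OTM log posted in this thread.
SCAN_REPORT = r"""
File name / Threat / Threats count
C:\Documents and Settings\Winter Dream Machine\My Documents\My Pictures\Graphics\Graphics Giveaway\Your_Great_Gifts.zip Infected: not-a-virus:Downloader.Win32.Agent.db 2
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Affiliate Packs\Affiliate-PageMaker\APM.exe Infected: not-a-virus:Downloader.Win32.Agent.db 1
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\MRR\EZMembershipSystem\index.htm Infected: Trojan-Clicker.HTML.IFrame.aer 1
C:\Qoobox\Quarantine\C\WINDOWS\msa.exe.vir Infected: Packed.Win32.Krap.ag 1
I:\Programs\114 Reflexive Arcade Games + KeyGen\Games\Platypus.exe Infected: Trojan-Clicker.Win32.VBiframe.afp 1
"""

OTM_LOG = r"""
========== FILES ==========
C:\Documents and Settings\Winter Dream Machine\My Documents\My Pictures\Graphics\Graphics Giveaway moved successfully.
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Affiliate Packs\Affiliate-PageMaker\APM.exe moved successfully.
C:\Documents and Settings\Winter Dream Machine\My Documents\Vault DLs\Easter DLs\MRR\EZMembershipSystem moved successfully.
I:\Programs\114 Reflexive Arcade Games + KeyGen\Games\Platypus.exe moved successfully.
Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
"""

# Assumed layouts, inferred from the log lines above (paths may contain spaces).
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)$")
MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) moved successfully\.$")
PENDING = re.compile(
    r"^File (?:move|delete) failed\. (?P<path>[A-Za-z]:\\.+?) "
    r"scheduled to be (?:moved|deleted) on reboot\.$")


def parse_detections(report):
    """Return (path, threat, count) for every 'Infected:' line in the report."""
    found = []
    for line in report.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            found.append((PureWindowsPath(m["path"]), m["threat"], int(m["count"])))
    return found


def parse_moves(log):
    """Return (moved, pending): paths moved at once and paths deferred to reboot."""
    moved, pending = [], []
    for line in log.splitlines():
        line = line.strip()
        m = MOVED.match(line)
        if m:
            moved.append(PureWindowsPath(m["path"]))
            continue
        m = PENDING.match(line)
        if m:
            pending.append(PureWindowsPath(m["path"]))
    return moved, pending


def covered_by(target, paths):
    """True if target is one of paths or lies inside a folder listed in paths.

    PureWindowsPath compares case-insensitively, matching Windows semantics.
    """
    return any(target == p or p in target.parents for p in paths)


def unresolved(report, log):
    """List detections that the move log does not show as moved."""
    moved, pending = parse_moves(log)
    leftovers = []
    for path, threat, _count in parse_detections(report):
        if covered_by(path, moved):
            continue
        status = "pending reboot" if covered_by(path, pending) else "not in move log"
        leftovers.append((path, threat, status))
    return leftovers


if __name__ == "__main__":
    for path, threat, status in unresolved(SCAN_REPORT, OTM_LOG):
        print(f"{status}: {path} ({threat})")
```

On these excerpts the only detection left over is the `.vir` copy under `C:\Qoobox\Quarantine`, which is ComboFix's quarantine folder and was not listed in the OTM script.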

#15
chamber

chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
How are things running now?
  • 0





