Thanks for your assistance. Here are the OTL.txt and Extras.txt. The other will follow tomorrow. The scan takes over an hour and my computer froze. Will try again.
Computer not used for business.
OTL logfile created on: 3/30/2010 3:01:51 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Rob\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 73.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.04 Gb Total Space | 71.98 Gb Free Space | 24.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.65 Gb Total Space | 165.39 Gb Free Space | 35.52% Space Free | Partition Type: FAT32
Drive G: | 931.51 Gb Total Space | 510.04 Gb Free Space | 54.75% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: VOSTRO
Current User Name: Rob
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Rob\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Documents and Settings\Rob\Application Data\Dropbox\bin\Dropbox.exe ()
PRC - C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\system32\ASTSRV.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Common Files\aol\1222568482\ee\aolsoftware.exe (AOL LLC)
PRC - C:\Program Files\AOL 9.1\waol.exe (AOL, LLC.)
PRC - C:\Program Files\AOL 9.1\shellmon.exe (AOL, LLC.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe (AOL LLC)
PRC - C:\Program Files\Common Files\aol\acs\AOLacsd.exe (AOL LLC)
========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Rob\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll (SlySoft, Inc.)
MOD - C:\WINDOWS\system32\msvcr71.dll (Microsoft Corporation)
MOD - C:\Program Files\AOL 9.1\idleproc.dll (AOL, LLC.)
========== Win32 Services (SafeList) ========== SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (astcc) -- C:\WINDOWS\system32\ASTSRV.EXE (Nalpeiron Ltd.)
SRV - (afcdpsrv) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (MSSQL$ACT7) SQL Server (ACT7) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (GoogleDesktopManager-010708-104812) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (ACT! Scheduler) -- C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe (Sage Software, Inc.)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
========== Driver Services (SafeList) ========== DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (afcdp) -- C:\WINDOWS\system32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251) -- C:\WINDOWS\system32\DRIVERS\tdrpm251.sys (Acronis)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (StarOpen) -- C:\WINDOWS\system32\drivers\StarOpen.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (NuidFltr) -- C:\WINDOWS\system32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (CSRBC) -- C:\WINDOWS\system32\drivers\csrbcxp.sys (CSR)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Check Point Software Technologies LTD)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Diag69xp) -- C:\WINDOWS\system32\drivers\diag69xp.sys (Realtek Semiconductor Corporation)
DRV - (RTLVLAN) -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS (Realtek Semiconductor Corporation)
DRV - (LANPkt) -- C:\WINDOWS\system32\drivers\LANPkt.sys (Realtek Semiconductor Corporation)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (DLADResM) -- C:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
DRV - (NCPro) -- C:\WINDOWS\system32\drivers\MTictwl.sys ()
DRV - (MagicTune) -- C:\WINDOWS\system32\drivers\MTictwl.sys ()
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.google.com/ieIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://www.google.comIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.dell.comIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
http://www.google.com/ieIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.google.com/ieIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080915
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080915
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080915
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://www.google.comIE - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.aol.com/IE - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.google.com/ieIE - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.97
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems:
askopensearch-VTS@ask.com:1.0.0.0
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.13
FF - prefs.js..extensions.enabledItems:
jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems:
personas@christopher.beard:1.5.2
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.8
FF - prefs.js..extensions.enabledItems:
foxmarks@kei.com:3.5.10
FF - prefs.js..extensions.enabledItems: {5c876f30-10ce-11dd-bd0b-0800200c9a66}:3.5
FF - prefs.js..keyword.URL: "http://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query="
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2009/12/07 20:55:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/03/14 00:22:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/05 06:44:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/05 06:48:46 | 000,000,000 | ---D | M]
[2008/09/27 17:43:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Mozilla\Extensions
[2010/03/30 00:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\nrz6gf9q.default\extensions
[2010/02/22 20:19:33 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\nrz6gf9q.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2009/07/25 18:16:28 | 000,000,000 | ---D | M] (Aero Fox Silver) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\nrz6gf9q.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}
[2009/01/09 19:23:31 | 000,000,000 | ---D | M] (Google Redesigned) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\nrz6gf9q.default\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}
[2010/01/07 23:54:42 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\nrz6gf9q.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/03/27 19:58:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\nrz6gf9q.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2009/09/10 22:35:21 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\nrz6gf9q.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/08/29 17:40:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\nrz6gf9q.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/07/25 18:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\nrz6gf9q.default\extensions\askopensearch-VTS@ask.com
[2010/03/03 09:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\nrz6gf9q.default\extensions\foxmarks@kei.com
[2010/03/18 19:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\nrz6gf9q.default\extensions\personas@christopher.beard
[2009/07/25 18:16:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\nrz6gf9q.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}\chrome\mac\browser\extensions
[2009/07/25 18:16:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\nrz6gf9q.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}\chrome\mac\mozapps\extensions
[2009/07/25 18:16:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\nrz6gf9q.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}\chrome\win\browser\extensions
[2009/07/25 18:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\nrz6gf9q.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}\chrome\win\mozapps\extensions
[2010/03/30 00:09:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/12 01:06:07 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2008/06/18 03:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/10/17 18:37:57 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009/04/14 17:13:25 | 000,742,088 | ---- | M] (SwiftView, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npsview.dll
[2008/12/24 00:14:41 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
O1 HOSTS File: ([2010/03/26 20:32:11 | 000,379,612 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1
www.007guard.comO1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1
www.008k.comO1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1
www.00hq.comO1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1
www.032439.comO1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1
www.0scan.comO1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1
www.100888290cs.comO1 - Hosts: 127.0.0.1
www.100sexlinks.comO1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1
www.10sek.comO1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1
www.123topsearch.comO1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1
www.132.comO1 - Hosts: 127.0.0.1
www.136136.netO1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 13104 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..\Toolbar\ShellBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1222568482\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [StartupDelayer] C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe (r2 studios)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Rob\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Rob\Application Data\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 5.0\resources\en-us\local\search.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Domains: caldirectsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: caldirectsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: com ([pennwest-edocs] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: com ([pennwest-edocs] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: ditechsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: ditechsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: ditechsecuredocs.net ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: ditechsecuredocs.net ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: elynx.net ([ctest] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: elynx.net ([ctest] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: elynx.net ([forms] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: elynx.net ([forms] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: elynx.net ([gmacforms] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: elynx.net ([gmacforms] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: elynx.net ([pro] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: elynx.net ([pro] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: elynx.net ([secure] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: elynx.net ([secure] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: elynx.net ([usign] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: elynx.net ([usign] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: elynx.net ([webpost] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: elynx.net ([webpost] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: gmacmsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: gmacmsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: gmacmsecuredocs.net ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: gmacmsecuredocs.net ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: gmamcsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: gmamcsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: ss3.swiftsend.com ([loandocs] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: ss3.swiftsend.com ([loandocs] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: swiftsend.com ([docs] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: swiftsend.com ([docs] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: swiftsend.com ([loandocs] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: swiftsend.com ([loandocs] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: swiftsend2.com ([docs] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: swiftsend2.com ([docs] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: swiftsend2.com ([loandocs] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: swiftsend2.com ([loandocs] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: swiftview.com ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: swiftview.com ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: wamuloandocs.com ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: wamuloandocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: caldirectsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: caldirectsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: com ([pennwest-edocs] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: com ([pennwest-edocs] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: ditechsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: ditechsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: ditechsecuredocs.net ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: ditechsecuredocs.net ([www] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: elynx.net ([ctest] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: elynx.net ([ctest] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: elynx.net ([forms] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: elynx.net ([forms] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: elynx.net ([gmacforms] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: elynx.net ([gmacforms] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: elynx.net ([pro] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: elynx.net ([pro] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: elynx.net ([secure] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: elynx.net ([secure] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: elynx.net ([usign] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: elynx.net ([usign] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: elynx.net ([webpost] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: elynx.net ([webpost] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: gmacmsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: gmacmsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: gmacmsecuredocs.net ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: gmacmsecuredocs.net ([www] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: gmamcsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: gmamcsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: ss3.swiftsend.com ([loandocs] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: ss3.swiftsend.com ([loandocs] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: swiftsend.com ([docs] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: swiftsend.com ([docs] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: swiftsend.com ([loandocs] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: swiftsend.com ([loandocs] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: swiftsend2.com ([docs] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: swiftsend2.com ([docs] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: swiftsend2.com ([loandocs] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: swiftsend2.com ([loandocs] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: swiftview.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: swiftview.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: wamuloandocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: wamuloandocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: caldirectsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: caldirectsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: com ([pennwest-edocs] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: com ([pennwest-edocs] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: ditechsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: ditechsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: ditechsecuredocs.net ([www] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: ditechsecuredocs.net ([www] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: elynx.net ([ctest] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: elynx.net ([ctest] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: elynx.net ([forms] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: elynx.net ([forms] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: elynx.net ([gmacforms] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: elynx.net ([gmacforms] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: elynx.net ([pro] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: elynx.net ([pro] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: elynx.net ([secure] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: elynx.net ([secure] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: elynx.net ([usign] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: elynx.net ([usign] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: elynx.net ([webpost] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: elynx.net ([webpost] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: gmacmsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: gmacmsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: gmacmsecuredocs.net ([www] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: gmacmsecuredocs.net ([www] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: gmamcsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: gmamcsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: ss3.swiftsend.com ([loandocs] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: ss3.swiftsend.com ([loandocs] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: swiftsend.com ([docs] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: swiftsend.com ([docs] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: swiftsend.com ([loandocs] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: swiftsend.com ([loandocs] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: swiftsend2.com ([docs] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: swiftsend2.com ([docs] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: swiftsend2.com ([loandocs] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: swiftsend2.com ([loandocs] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: swiftview.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: swiftview.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: wamuloandocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: wamuloandocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: caldirectsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: caldirectsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: com ([pennwest-edocs] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: com ([pennwest-edocs] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: ditechsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: ditechsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: ditechsecuredocs.net ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: ditechsecuredocs.net ([www] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: elynx.net ([ctest] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: elynx.net ([ctest] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: elynx.net ([forms] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: elynx.net ([forms] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: elynx.net ([gmacforms] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: elynx.net ([gmacforms] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: elynx.net ([pro] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: elynx.net ([pro] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: elynx.net ([secure] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: elynx.net ([secure] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: elynx.net ([usign] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: elynx.net ([usign] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: elynx.net ([webpost] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: elynx.net ([webpost] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: gmacmsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: gmacmsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: gmacmsecuredocs.net ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: gmacmsecuredocs.net ([www] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: gmamcsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: gmamcsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: ss3.swiftsend.com ([loandocs] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: ss3.swiftsend.com ([loandocs] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: swiftsend.com ([docs] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: swiftsend.com ([docs] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: swiftsend.com ([loandocs] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: swiftsend.com ([loandocs] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: swiftsend2.com ([docs] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: swiftsend2.com ([docs] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: swiftsend2.com ([loandocs] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: swiftsend2.com ([loandocs] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: swiftview.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: swiftview.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: wamuloandocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: wamuloandocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: caldirectsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: caldirectsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: com ([pennwest-edocs] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: com ([pennwest-edocs] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: ditechsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: ditechsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: ditechsecuredocs.net ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: ditechsecuredocs.net ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: elynx.net ([ctest] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: elynx.net ([ctest] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: elynx.net ([forms] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: elynx.net ([forms] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: elynx.net ([gmacforms] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: elynx.net ([gmacforms] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: elynx.net ([pro] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: elynx.net ([pro] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: elynx.net ([secure] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: elynx.net ([secure] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: elynx.net ([usign] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: elynx.net ([usign] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: elynx.net ([webpost] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: elynx.net ([webpost] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: gmacmsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: gmacmsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: gmacmsecuredocs.net ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: gmacmsecuredocs.net ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: gmamcsecuredocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: gmamcsecuredocs.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: ss3.swiftsend.com ([loandocs] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: ss3.swiftsend.com ([loandocs] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: swiftsend.com ([docs] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: swiftsend.com ([docs] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: swiftsend.com ([loandocs] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: swiftsend.com ([loandocs] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: swiftsend2.com ([docs] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: swiftsend2.com ([docs] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: swiftsend2.com ([loandocs] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: swiftsend2.com ([loandocs] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: swiftview.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: swiftview.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: wamuloandocs.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2414790569-220885918-2117601967-1005\..Trusted Domains: wamuloandocs.com ([www] https in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B}
http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94}
http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913}
http://acs.pandasoftware.com/activescan ... stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800}
http://scan.networkmagic.com/nmscan/dow ... -WD.V1.cab (Pure Networks Security Scan)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.97,93.188.166.142
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (whlayx.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Rob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/11/15 12:08:04 | 000,000,036 | -H-- | M] () - F:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2007/11/26 21:39:06 | 000,000,000 | ---D | M] - F:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2009/08/19 05:03:12 | 000,000,000 | RH-D | M] - G:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 22:56:50 | 000,000,036 | RH-- | M] () - G:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{3c76b41a-4663-11de-93af-00038a000015}\Shell\AutoRun\command - "" = E:\system\viewer\FlipVideoforPC.exe -- File not found
O33 - MountPoints2\{3c76b41a-4663-11de-93af-00038a000015}\Shell\Flip Video for PC\command - "" = E:\system\viewer\FlipVideoforPC.exe -- File not found
O33 - MountPoints2\{561d962d-9afe-11de-9443-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{561d962d-9afe-11de-9443-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{561d962d-9afe-11de-9443-00038a000015}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ef8a1733-9be7-11dd-8415-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{ef8a1733-9be7-11dd-8415-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ef8a1733-9be7-11dd-8415-00038a000015}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f9a4a297-db7c-11de-9493-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{f9a4a297-db7c-11de-9493-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f9a4a297-db7c-11de-9493-00038a000015}\Shell\AutoRun\command - "" = G:\IronKey.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ========== [2010/03/28 11:07:36 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/03/27 20:47:55 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/03/27 20:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/03/27 19:58:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Application Data\QuickScan
[2010/03/27 16:40:04 | 000,000,000 | ---D | C] -- C:\rsit
[2010/03/27 16:02:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Desktop\mbam-installer
[2010/03/26 23:48:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/03/26 21:03:41 | 000,000,000 | ---D | C] -- C:\Program Files\AskBardis
[2010/03/26 20:30:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/26 20:30:02 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/26 20:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/25 15:56:02 | 000,061,440 | ---- | C] (Nalpeiron Ltd.) -- C:\WINDOWS\System32\nlssrv32.exe
[2010/03/25 15:56:02 | 000,057,344 | ---- | C] (Nalpeiron Ltd.) -- C:\WINDOWS\System32\ASTSRV.EXE
[2010/03/22 19:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/03/21 19:38:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Local Settings\Application Data\Temp
[2010/03/21 19:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/03/14 18:24:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Desktop\m-brooklyn-a
[2010/03/14 16:26:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Desktop\m-brooklyn-b
[2010/03/14 00:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Desktop\OrderConfirmation.aspx_files
[2010/03/13 14:45:32 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/12 21:17:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\My Documents\The 25th Anniversary Rock And Roll Hall 2009 HD
[2010/03/10 22:38:08 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/07 20:05:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Desktop\Escape.From.New.York.1981.WS.DVDRip.XviD.iNT-EwDp
[2010/03/06 00:24:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Application Data\AVS4YOU
[2010/03/06 00:23:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2010/03/06 00:23:05 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\GdiPlus.dll
[2010/03/06 00:23:05 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70.dll
[2010/03/06 00:23:05 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
[2010/03/06 00:23:05 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2010/03/06 00:23:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/03/06 00:23:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2010/03/01 16:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/01 16:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/03/01 16:47:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/01 16:47:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/01 19:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\SupportSoft
[2009/11/15 21:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2008/12/01 20:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2008/12/01 20:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2008/11/21 19:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2010/03/30 14:58:21 | 000,000,785 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/30 14:48:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/30 10:26:45 | 058,253,661 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/30 10:22:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/30 10:22:27 | 000,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/03/30 10:21:03 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/30 10:20:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/30 10:20:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/30 10:20:40 | 3487,744,000 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/30 10:16:02 | 013,107,200 | ---- | M] () -- C:\Documents and Settings\Rob\NTUSER.DAT
[2010/03/30 10:16:02 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Rob\ntuser.ini
[2010/03/30 00:07:34 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Rob\Local Settings\Application Data\prvlcl.dat
[2010/03/29 23:20:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/03/29 22:40:44 | 000,005,084 | ---- | M] () -- C:\WINDOWS\mozy.blk
[2010/03/29 22:40:44 | 000,003,584 | ---- | M] () -- C:\WINDOWS\mozy.flt
[2010/03/28 14:13:12 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/27 09:24:08 | 001,099,440 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\p2pwt1A9k.exe
[2010/03/26 20:32:11 | 000,379,612 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/26 20:30:06 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/26 19:47:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
[2010/03/26 18:48:52 | 000,118,573 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\livepreview.aspx
[2010/03/26 18:28:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/24 07:33:12 | 000,189,952 | ---- | M] () -- C:\Documents and Settings\Rob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/22 20:03:55 | 000,017,181 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\BJ's Trial Membership.gif
[2010/03/21 12:09:06 | 000,011,246 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\Seder List of Foods.docx
[2010/03/20 13:57:31 | 024,008,590 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\Samsung LN32B360.pdf
[2010/03/18 19:25:01 | 002,716,750 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\banner 2.pdf
[2010/03/15 22:09:22 | 000,114,491 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\Letter_to_Kaplan.pdf
[2010/03/14 12:27:46 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2010/03/14 10:43:14 | 000,593,456 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/14 10:43:14 | 000,492,408 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 10:43:14 | 000,090,062 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/14 00:09:36 | 000,064,185 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\OrderConfirmation.aspx.htm
[2010/03/13 15:01:58 | 000,044,208 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\RobertKaplanfloorplan.pdf
[2010/03/13 14:45:34 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/13 14:45:32 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/13 14:45:32 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/13 14:45:07 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/13 14:45:05 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/03/06 21:22:25 | 3165,524,508 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\The 25th Anniversary Rock And Roll Hall Concert.avi
[2010/03/06 16:45:11 | 2910,648,213 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\The 25th Anniversary Rock And Roll Hall 2009 HD_1.avi
[2010/03/06 14:23:40 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\AVS Video Converter 6.lnk
[2010/03/06 06:26:14 | 2934,797,957 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\The 25th Anniversary Rock And Roll Hall 2009 HD.avi
[2010/03/05 06:48:43 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2010/03/05 06:48:33 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2010/03/05 06:48:06 | 000,001,485 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\DivX Movies.lnk
[2010/03/04 20:32:28 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\Bryce_and_Zion_Prelim_Itin.doc
[2010/03/04 20:25:47 | 000,000,848 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/03/04 20:16:50 | 000,000,056 | RHS- | M] () -- C:\WINDOWS\System32\4D80A1A85B.sys
[2010/02/28 22:03:13 | 000,379,612 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100326-203211.backup
[2010/02/28 21:36:41 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AnyDVD.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ========== [2010/03/27 16:02:09 | 001,099,440 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\p2pwt1A9k.exe
[2010/03/27 15:30:03 | 3487,744,000 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/26 23:24:42 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/03/26 20:30:06 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/26 18:48:52 | 000,118,573 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\livepreview.aspx
[2010/03/22 20:03:54 | 000,017,181 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\BJ's Trial Membership.gif
[2010/03/21 19:01:28 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/21 19:01:28 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/21 12:09:06 | 000,011,246 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\Seder List of Foods.docx
[2010/03/20 13:57:30 | 024,008,590 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\Samsung LN32B360.pdf
[2010/03/18 19:25:01 | 002,716,750 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\banner 2.pdf
[2010/03/15 22:09:22 | 000,114,491 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\Letter_to_Kaplan.pdf
[2010/03/14 00:09:35 | 000,064,185 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\OrderConfirmation.aspx.htm
[2010/03/13 15:01:58 | 000,044,208 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\RobertKaplanfloorplan.pdf
[2010/03/06 17:29:20 | 3165,524,508 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\The 25th Anniversary Rock And Roll Hall Concert.avi
[2010/03/06 09:54:02 | 2910,648,213 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\The 25th Anniversary Rock And Roll Hall 2009 HD_1.avi
[2010/03/06 00:40:38 | 2934,797,957 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\The 25th Anniversary Rock And Roll Hall 2009 HD.avi
[2010/03/06 00:23:28 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\AVS Video Converter 6.lnk
[2010/03/05 06:48:43 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2010/03/05 06:48:06 | 000,001,485 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\DivX Movies.lnk
[2010/03/04 20:32:28 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\Bryce_and_Zion_Prelim_Itin.doc
[2010/03/04 20:16:49 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/03/04 20:16:49 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\4D80A1A85B.sys
[2010/03/04 09:51:48 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2010/02/27 16:05:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Rob\Local Settings\Application Data\prvlcl.dat
[2010/01/03 21:48:34 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/11/16 20:55:40 | 000,131,072 | -H-- | C] () -- C:\Documents and Settings\Rob\Application Data\svfiles.log
[2009/11/16 20:54:31 | 000,000,114 | ---- | C] () -- C:\Documents and Settings\Rob\Application Data\sview.ini
[2009/11/15 13:19:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2009/11/15 13:14:56 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\System Image Utility
[2009/11/15 13:14:56 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Rob\Application Data\Synth Basics
[2009/11/15 13:14:56 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2009/09/02 23:35:17 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Bundle
[2009/09/02 23:35:17 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Rob\Application Data\Booms
[2009/09/02 23:35:17 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLck.DAT
[2009/09/02 23:35:17 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Grapher
[2009/09/02 23:34:52 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\CIOSupport
[2009/09/02 23:34:52 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Guides
[2009/09/02 23:34:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\StatusSheet
[2009/09/02 23:34:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Booms
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/18 20:53:29 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/02/23 21:21:17 | 000,001,084 | ---- | C] () -- C:\WINDOWS\DKAAP2DD.ini
[2009/01/26 20:47:22 | 000,000,848 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/01/26 20:47:22 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\5BA8A1804D.sys
[2009/01/26 20:47:13 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Rob\Application Data\ActUpdate.log
[2009/01/13 21:19:22 | 000,001,845 | ---- | C] () -- C:\WINDOWS\if42le.ini
[2009/01/13 21:19:22 | 000,000,308 | ---- | C] () -- C:\WINDOWS\Pexplore.ini
[2009/01/13 21:12:04 | 000,000,132 | ---- | C] () -- C:\WINDOWS\SCNDRVU.INI
[2009/01/13 21:10:56 | 000,015,360 | R--- | C] () -- C:\WINDOWS\System32\GetInst32.dll
[2009/01/13 01:20:07 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\BladeEnc.dll
[2009/01/13 01:20:07 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ShnDll32.dll
[2008/12/29 19:20:00 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Rob\Application Data\PFP120JPR.{PB
[2008/12/29 19:20:00 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Rob\Application Data\PFP120JCM.{PB
[2008/12/01 20:58:35 | 000,013,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\MTictwl.sys
[2008/11/16 20:36:54 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/10/26 11:30:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/24 19:24:26 | 000,000,132 | ---- | C] () -- C:\WINDOWS\picture-shark.INI
[2008/10/05 19:36:56 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Rob\Application Data\Breath Pad
[2008/10/05 19:29:46 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2008/10/01 18:37:30 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/01 16:24:55 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/09/28 09:30:59 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2008/09/27 20:21:49 | 000,189,952 | ---- | C] () -- C:\Documents and Settings\Rob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/27 17:37:46 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Rob\Local Settings\Application Data\fusioncache.dat
[2008/09/15 14:58:44 | 000,001,159 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/09/15 12:16:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/09/15 12:12:23 | 000,000,311 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/25 17:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/06/18 11:00:52 | 000,070,018 | ---- | C] () -- C:\WINDOWS\System32\akrip32.dll
========== Alternate Data Streams ========== @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59756FA4
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD4DD9B9
< End of report >