TechSpot

Broni: Please review these logs of an infected XP-Pro laptop

By drwizgeek
Sep 19, 2011
  1. Hello Broni:

    These are the logs of the 6-step removal process. Please review these logs of an infected XP-Pro laptop. I have to put them in a couple of posts because they are too long. Thanks!

    ____________MBAM log______

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7749

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    9/19/2011 11:13:33 AM
    mbam-log-2011-09-19 (11-13-33).txt

    Scan type: Quick scan
    Objects scanned: 203639
    Time elapsed: 12 minute(s), 18 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 1
    Registry Data Items Infected: 3
    Folders Infected: 1
    Files Infected: 8

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{003541A1-3BC0-1B1C-AAF3-040114001C01} (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SwUpdate (Trojan.Agent) -> Value: SwUpdate -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    c:\documents and settings\all users\application data\macromedia\swfupdate (Trojan.Agent) -> Quarantined and deleted successfully.

    Files Infected:
    c:\documents and settings\all users\application data\macromedia\swfupdate\swfupdate.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\WINDOWS\Temp\tmp0000000127876144e5056a76 (Trojan.Dropper) -> Quarantined and deleted successfully.
    c:\documents and settings\iiii ccccc\local settings\application data\opRSK (Malware.Trace) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\application data\macromedia\swfupdate\Ui.dtd (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\application data\macromedia\swfupdate\B32.dtd (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\application data\macromedia\swfupdate\B64.dtd (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\application data\macromedia\swfupdate\Flags.dtd (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\application data\macromedia\swfupdate\Local.dtd (Trojan.Agent) -> Quarantined and deleted successfully.

    _________________GMER Full Scan (Auto Quick-Scan Failed)_______
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-09-19 16:17:05
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD2500BEVT-00A0RT0 rev.01.01A01
    Running: unzipped_renamed.exe; Driver: C:\DOCUME~1\iiiiCc~2\LOCALS~1\Temp\fwlciaob.sys


    ---- System - GMER 1.0.15 ----

    SSDT BA716CFC ZwClose
    SSDT BA716CB6 ZwCreateKey
    SSDT BA716D06 ZwCreateSection
    SSDT BA716CAC ZwCreateThread
    SSDT BA716CBB ZwDeleteKey
    SSDT BA716CC5 ZwDeleteValueKey
    SSDT BA716CF7 ZwDuplicateObject
    SSDT BA716CCA ZwLoadKey
    SSDT BA716C98 ZwOpenProcess
    SSDT BA716C9D ZwOpenThread
    SSDT BA716CD4 ZwReplaceKey
    SSDT BA716CCF ZwRestoreKey
    SSDT BA716D0B ZwSetContextThread
    SSDT BA716CC0 ZwSetValueKey
    SSDT BA716CA7 ZwTerminateProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8FD0360, 0x21ED9D, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\program files\real\realplayer\update\realsched.exe[2816] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\wuauclt.exe[1748] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!ExitWindowsEx] [10001940] C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll (Backup Now EZ Module/NewTech Infosystems, Inc.)
    IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1992] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!ExitWindowsEx] [01381940] C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll (Backup Now EZ Module/NewTech Infosystems, Inc.)
    IAT C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe[2020] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!ExitWindowsEx] [00BA1940] C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll (Backup Now EZ Module/NewTech Infosystems, Inc.)
    IAT C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[2764] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!ExitWindowsEx] [10001940] C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll (Backup Now EZ Module/NewTech Infosystems, Inc.)
    IAT C:\Program Files\Microsoft Security Client\msseces.exe[2808] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!ExitWindowsEx] [01A91940] C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll (Backup Now EZ Module/NewTech Infosystems, Inc.)
    IAT C:\program files\real\realplayer\update\realsched.exe[2816] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!ExitWindowsEx] [10001940] C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll (Backup Now EZ Module/NewTech Infosystems, Inc.)
    IAT C:\Program Files\iTunes\iTunesHelper.exe[2828] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!ExitWindowsEx] [02D51940] C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll (Backup Now EZ Module/NewTech Infosystems, Inc.)
    IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2892] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!ExitWindowsEx] [00EB1940] C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll (Backup Now EZ Module/NewTech Infosystems, Inc.)
    IAT C:\WINDOWS\system32\ctfmon.exe[2900] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!ExitWindowsEx] [10001940] C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll (Backup Now EZ Module/NewTech Infosystems, Inc.)
    IAT C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe[3008] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!ExitWindowsEx] [10001940] C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll (Backup Now EZ Module/NewTech Infosystems, Inc.)
    IAT C:\Documents and Settings\iiii ccccc\Application Data\Dropbox\bin\Dropbox.exe[3392] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!ExitWindowsEx] [021C1940] C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll (Backup Now EZ Module/NewTech Infosystems, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[3468] @ C:\WINDOWS\Explorer.EXE [USER32.dll!ExitWindowsEx] [02801940] C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll (Backup Now EZ Module/NewTech Infosystems, Inc.)
    IAT C:\WINDOWS\Explorer.EXE[3468] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!ExitWindowsEx] [02801940] C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll (Backup Now EZ Module/NewTech Infosystems, Inc.)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
    Device B19BCD20

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Files - GMER 1.0.15 ----

    File C:\RRbackups\C 0 bytes
    File C:\RRbackups\C\0 0 bytes
    File C:\RRbackups\C\0\Data0 50003968 bytes
    File C:\RRbackups\C\0\Data1 50003968 bytes
    File C:\RRbackups\C\0\Data10 50003968 bytes
    File C:\RRbackups\C\0\Data100 50003968 bytes
    File C:\RRbackups\C\0\Data101 50003968 bytes
    File C:\RRbackups\C\0\Data102 50003968 bytes
    File C:\RRbackups\C\0\Data103 50003968 bytes
    File C:\RRbackups\C\0\Data104 50003968 bytes
    File C:\RRbackups\C\0\Data105 50003968 bytes
    File C:\RRbackups\C\0\Data106 50003968 bytes
    File C:\RRbackups\C\0\Data107 50003968 bytes
    File C:\RRbackups\C\0\Data108 50003968 bytes
    File C:\RRbackups\C\0\Data109 50003968 bytes
    File C:\RRbackups\C\0\Data11 50003968 bytes
    File C:\RRbackups\C\0\Data110 50003968 bytes
    File C:\RRbackups\C\0\Data111 50003968 bytes
    File C:\RRbackups\C\0\Data112 50003968 bytes
    File C:\RRbackups\C\0\Data113 50003968 bytes
    File C:\RRbackups\C\0\Data114 50003968 bytes
    File C:\RRbackups\C\0\Data115 50003968 bytes
    File C:\RRbackups\C\0\Data28 50003968 bytes
    File C:\RRbackups\C\0\Data29 50003968 bytes
    File C:\RRbackups\C\0\Data3 50003968 bytes
    File C:\RRbackups\C\0\Data30 50003968 bytes
    File C:\RRbackups\C\0\Data31 50003968 bytes
    File C:\RRbackups\C\0\Data32 50003968 bytes
    File C:\RRbackups\C\0\Data33 50003968 bytes
    File C:\RRbackups\C\0\Data34 50003968 bytes
    File C:\RRbackups\C\0\Data35 50003968 bytes
    File C:\RRbackups\C\0\Data36 50003968 bytes
    File C:\RRbackups\C\0\Data37 50003968 bytes
    File C:\RRbackups\C\0\Data38 50003968 bytes
    File C:\RRbackups\C\0\Data39 50003968 bytes
    File C:\RRbackups\C\0\Data4 50003968 bytes
    File C:\RRbackups\C\0\Data40 50003968 bytes
    File C:\RRbackups\C\0\Data41 50003968 bytes
    File C:\RRbackups\C\0\Data42 50003968 bytes
    File C:\RRbackups\C\0\Data43 50003968 bytes
    File C:\RRbackups\C\0\Data44 50003968 bytes
    File C:\RRbackups\C\0\Data45 50003968 bytes
    File C:\RRbackups\C\0\Data47 50003968 bytes
    File C:\RRbackups\C\0\Data48 50003968 bytes
    File C:\RRbackups\C\0\Data49 50003968 bytes
    File C:\RRbackups\C\0\Data5 50003968 bytes
    File C:\RRbackups\C\0\Data50 50003968 bytes
    File C:\RRbackups\C\0\Data51 50003968 bytes
    File C:\RRbackups\C\0\Data52 50003968 bytes
    File C:\RRbackups\C\0\Data53 50003968 bytes
    File C:\RRbackups\C\0\Data54 50003968 bytes
    File C:\RRbackups\C\0\Data55 50003968 bytes
    File C:\RRbackups\C\0\Data56 50003968 bytes
    File C:\RRbackups\C\0\Data57 50003968 bytes
    File C:\RRbackups\C\0\Data58 50003968 bytes
    File C:\RRbackups\C\0\Data59 50003968 bytes
    File C:\RRbackups\C\0\Data6 50003968 bytes
    File C:\RRbackups\C\0\Data60 50003968 bytes
    File C:\RRbackups\C\0\Data61 50003968 bytes
    File C:\RRbackups\C\0\Data62 50003968 bytes
    File C:\RRbackups\C\0\Data63 50003968 bytes
    File C:\RRbackups\C\0\Data64 50003968 bytes
    File C:\RRbackups\C\0\Data66 50003968 bytes
    File C:\RRbackups\C\0\Data67 50003968 bytes
    File C:\RRbackups\C\0\Data68 50003968 bytes
    File C:\RRbackups\C\0\Data69 50003968 bytes
    File C:\RRbackups\C\0\Data7 50003968 bytes
    File C:\RRbackups\C\0\Data70 50003968 bytes
    File C:\RRbackups\C\0\Data71 50003968 bytes
    File C:\RRbackups\C\0\Data72 50003968 bytes
    File C:\RRbackups\C\0\Data73 50003968 bytes
    File C:\RRbackups\C\0\Data74 50003968 bytes
    File C:\RRbackups\C\0\Data75 50003968 bytes
    File C:\RRbackups\C\0\Data76 50003968 bytes
    File C:\RRbackups\C\0\Data77 50003968 bytes
    File C:\RRbackups\C\0\Data78 50003968 bytes
    File C:\RRbackups\C\0\Data79 50003968 bytes
    File C:\RRbackups\C\0\Data8 50003968 bytes
    File C:\RRbackups\C\0\Data80 50003968 bytes
    File C:\RRbackups\C\0\Data81 50003968 bytes
    File C:\RRbackups\C\0\Data82 50003968 bytes
    File C:\RRbackups\C\0\Data83 50003968 bytes
    File C:\RRbackups\C\0\Data117 50003968 bytes
    File C:\RRbackups\C\0\Data118 50003968 bytes
    File C:\RRbackups\C\0\Data119 50003968 bytes
    File C:\RRbackups\C\0\Data12 50003968 bytes
    File C:\RRbackups\C\0\Data120 50003968 bytes
    File C:\RRbackups\C\0\Data121 50003968 bytes
    File C:\RRbackups\C\0\Data122 50003968 bytes
    File C:\RRbackups\C\0\Data123 50003968 bytes
    File C:\RRbackups\C\0\Data124 50003968 bytes
    File C:\RRbackups\C\0\Data125 50003968 bytes
    File C:\RRbackups\C\0\Data126 50003968 bytes
    File C:\RRbackups\C\0\Data127 50003968 bytes
    File C:\RRbackups\C\0\Data128 50003968 bytes
    File C:\RRbackups\C\0\Data129 50003968 bytes
    File C:\RRbackups\C\0\Data13 50003968 bytes
    File C:\RRbackups\C\0\Data130 50003968 bytes
    File C:\RRbackups\C\0\Data131 50003968 bytes
    File C:\RRbackups\C\0\Data132 50003968 bytes
    File C:\RRbackups\C\0\Data133 50003968 bytes
    File C:\RRbackups\C\0\Data134 50003968 bytes
    File C:\RRbackups\C\0\Data136 50003968 bytes
    File C:\RRbackups\C\0\Data137 50003968 bytes
    File C:\RRbackups\C\0\Data138 50003968 bytes
    File C:\RRbackups\C\0\Data139 50003968 bytes
    File C:\RRbackups\C\0\Data14 50003968 bytes
    File C:\RRbackups\C\0\Data140 50003968 bytes
    File C:\RRbackups\C\0\Data141 50003968 bytes
    File C:\RRbackups\C\0\Data142 50003968 bytes
    File C:\RRbackups\C\0\Data143 50003968 bytes
    File C:\RRbackups\C\0\Data144 50003968 bytes
    File C:\RRbackups\C\0\Data145 50003968 bytes
    File C:\RRbackups\C\0\Data146 50003968 bytes
    File C:\RRbackups\C\0\Data147 50003968 bytes
    File C:\RRbackups\C\0\Data148 50003968 bytes
    File C:\RRbackups\C\0\Data149 50003968 bytes
    File C:\RRbackups\C\0\Data15 50003968 bytes
    File C:\RRbackups\C\0\Data150 50003968 bytes
     
  2. drwizgeek

    drwizgeek TS Rookie Topic Starter Posts: 86

    50003968 bytes
    File C:\RRbackups\C\0\Data151 50003968 bytes
    File C:\RRbackups\C\0\Data152 50003968 bytes
    File C:\RRbackups\C\0\Data153 50003968 bytes
    File C:\RRbackups\C\0\Data155 50003968 bytes
    File C:\RRbackups\C\0\Data156 50003968 bytes
    File C:\RRbackups\C\0\Data157 50003968 bytes
    File C:\RRbackups\C\0\Data158 50003968 bytes
    File C:\RRbackups\C\0\Data159 50003968 bytes
    File C:\RRbackups\C\0\Data16 50003968 bytes
    File C:\RRbackups\C\0\Data160 50003968 bytes
    File C:\RRbackups\C\0\Data161 50003968 bytes
    File C:\RRbackups\C\0\Data162 50003968 bytes
    File C:\RRbackups\C\0\Data163 50003968 bytes
    File C:\RRbackups\C\0\Data164 50003968 bytes
    File C:\RRbackups\C\0\Data165 50003968 bytes
    File C:\RRbackups\C\0\Data166 50003968 bytes
    File C:\RRbackups\C\0\Data167 50003968 bytes
    File C:\RRbackups\C\0\Data168 50003968 bytes
    File C:\RRbackups\C\0\Data169 50003968 bytes
    File C:\RRbackups\C\0\Data17 50003968 bytes
    File C:\RRbackups\C\0\Data170 50003968 bytes
    File C:\RRbackups\C\0\Data171 50003968 bytes
    File C:\RRbackups\C\0\Data172 50003968 bytes
    File C:\RRbackups\C\0\Data116 50003968 bytes
    File C:\RRbackups\C\0\Data135 50003968 bytes
    File C:\RRbackups\C\0\Data154 50003968 bytes
    File C:\RRbackups\C\0\Data173 50003968 bytes
    File C:\RRbackups\C\0\Data192 50003968 bytes
    File C:\RRbackups\C\0\Data210 50003968 bytes
    File C:\RRbackups\C\0\Data27 50003968 bytes
    File C:\RRbackups\C\0\Data46 50003968 bytes
    File C:\RRbackups\C\0\Data65 50003968 bytes
    File C:\RRbackups\C\0\Data84 50003968 bytes
    File C:\RRbackups\C\0\Data174 50003968 bytes
    File C:\RRbackups\C\0\Data175 50003968 bytes
    File C:\RRbackups\C\0\Data176 50003968 bytes
    File C:\RRbackups\C\0\Data177 50003968 bytes
    File C:\RRbackups\C\0\Data178 50003968 bytes
    File C:\RRbackups\C\0\Data179 50003968 bytes
    File C:\RRbackups\C\0\Data18 50003968 bytes
    File C:\RRbackups\C\0\Data180 50003968 bytes
    File C:\RRbackups\C\0\Data181 50003968 bytes
    File C:\RRbackups\C\0\Data182 50003968 bytes
    File C:\RRbackups\C\0\Data183 50003968 bytes
    File C:\RRbackups\C\0\Data184 50003968 bytes
    File C:\RRbackups\C\0\Data185 50003968 bytes
    File C:\RRbackups\C\0\Data186 50003968 bytes
    File C:\RRbackups\C\0\Data187 50003968 bytes
    File C:\RRbackups\C\0\Data188 50003968 bytes
    File C:\RRbackups\C\0\Data189 50003968 bytes
    File C:\RRbackups\C\0\Data19 50003968 bytes
    File C:\RRbackups\C\0\Data190 50003968 bytes
    File C:\RRbackups\C\0\Data191 50003968 bytes
    File C:\RRbackups\C\0\Data193 50003968 bytes
    File C:\RRbackups\C\0\Data194 50003968 bytes
    File C:\RRbackups\C\0\Data195 50003968 bytes
    File C:\RRbackups\C\0\Data196 50003968 bytes
    File C:\RRbackups\C\0\Data197 50003968 bytes
    File C:\RRbackups\C\0\Data198 50003968 bytes
    File C:\RRbackups\C\0\Data199 50003968 bytes
    File C:\RRbackups\C\0\Data2 50003968 bytes
    File C:\RRbackups\C\0\Data20 50003968 bytes
    File C:\RRbackups\C\0\Data200 50003968 bytes
    File C:\RRbackups\C\0\Data201 50003968 bytes
    File C:\RRbackups\C\0\Data202 50003968 bytes
    File C:\RRbackups\C\0\Data203 50003968 bytes
    File C:\RRbackups\C\0\Data204 50003968 bytes
    File C:\RRbackups\C\0\Data205 50003968 bytes
    File C:\RRbackups\C\0\Data206 50003968 bytes
    File C:\RRbackups\C\0\Data207 50003968 bytes
    File C:\RRbackups\C\0\Data208 50003968 bytes
    File C:\RRbackups\C\0\Data209 50003968 bytes
    File C:\RRbackups\C\0\Data21 50003968 bytes
    File C:\RRbackups\C\0\Data211 50003968 bytes
    File C:\RRbackups\C\0\Data212 50003968 bytes
    File C:\RRbackups\C\0\Data213 50003968 bytes
    File C:\RRbackups\C\0\Data214 50003968 bytes
    File C:\RRbackups\C\0\Data215 50003968 bytes
    File C:\RRbackups\C\0\Data216 50003968 bytes
    File C:\RRbackups\C\0\Data217 50003968 bytes
    File C:\RRbackups\C\0\Data218 50003968 bytes
    File C:\RRbackups\C\0\Data219 50003968 bytes
    File C:\RRbackups\C\0\Data22 50003968 bytes
    File C:\RRbackups\C\0\Data220 50003968 bytes
    File C:\RRbackups\C\0\Data221 50003968 bytes
    File C:\RRbackups\C\0\Data222 50003968 bytes
    File C:\RRbackups\C\0\Data223 50003968 bytes
    File C:\RRbackups\C\0\Data224 50003968 bytes
    File C:\RRbackups\C\0\Data225 50003968 bytes
    File C:\RRbackups\C\0\Data226 11935396 bytes
    File C:\RRbackups\C\0\Data23 50003968 bytes
    File C:\RRbackups\C\0\Data24 50003968 bytes
    File C:\RRbackups\C\0\Data25 50003968 bytes
    File C:\RRbackups\C\0\Data26 50003968 bytes
    File C:\RRbackups\C\0\Data85 50003968 bytes
    File C:\RRbackups\C\0\Data86 50003968 bytes
    File C:\RRbackups\C\0\Data87 50003968 bytes
    File C:\RRbackups\C\0\Data88 50003968 bytes
    File C:\RRbackups\C\0\Data89 50003968 bytes
    File C:\RRbackups\C\0\Data9 50003968 bytes
    File C:\RRbackups\C\0\Data90 50003968 bytes
    File C:\RRbackups\C\0\Data91 50003968 bytes
    File C:\RRbackups\C\0\Data92 50003968 bytes
    File C:\RRbackups\C\0\Data93 50003968 bytes
    File C:\RRbackups\C\0\Data94 50003968 bytes
    File C:\RRbackups\C\0\Data95 50003968 bytes
    File C:\RRbackups\C\0\Data96 50003968 bytes
    File C:\RRbackups\C\0\Data97 50003968 bytes
    File C:\RRbackups\C\0\Data98 50003968 bytes
    File C:\RRbackups\C\0\Data99 50003968 bytes
    File C:\RRbackups\C\0\dats 0 bytes
    File C:\RRbackups\C\0\dats\PreloadInstall.ini 26 bytes
    File C:\RRbackups\C\0\EFSFile 0 bytes
    File C:\RRbackups\C\0\HashFile 479130 bytes
    File C:\RRbackups\C\0\Info 756 bytes
    File C:\RRbackups\C\0\TOCFile 48711550 bytes
    File C:\RRbackups\C\1 0 bytes
    File C:\RRbackups\C\1\Data0 50003968 bytes
    File C:\RRbackups\C\1\Data1 50003968 bytes
    File C:\RRbackups\C\1\Data10 50003968 bytes
    File C:\RRbackups\C\1\Data100 50003968 bytes
    File C:\RRbackups\C\1\Data101 50003968 bytes
    File C:\RRbackups\C\1\Data102 50003968 bytes
    File C:\RRbackups\C\1\Data103 50003968 bytes
    File C:\RRbackups\C\1\Data104 50003968 bytes
    File C:\RRbackups\C\1\Data105 50003968 bytes
    File C:\RRbackups\C\1\Data106 50003968 bytes
    File C:\RRbackups\C\1\Data107 50003968 bytes
    File C:\RRbackups\C\1\Data108 50003968 bytes
    File C:\RRbackups\C\1\Data109 50003968 bytes
    File C:\RRbackups\C\1\Data11 50003968 bytes
    File C:\RRbackups\C\1\Data110 50003968 bytes
    File C:\RRbackups\C\1\Data111 50003968 bytes
    File C:\RRbackups\C\1\Data112 50003968 bytes
    File C:\RRbackups\C\1\Data113 50003968 bytes
    File C:\RRbackups\C\1\Data114 50003968 bytes
    File C:\RRbackups\C\1\Data115 50003968 bytes
    File C:\RRbackups\C\1\Data270 50003968 bytes
    File C:\RRbackups\C\1\Data271 50003968 bytes
    File C:\RRbackups\C\1\Data272 50003968 bytes
    File C:\RRbackups\C\1\Data273 50003968 bytes
    File C:\RRbackups\C\1\Data274 50003968 bytes
    File C:\RRbackups\C\1\Data275 50003968 bytes
    File C:\RRbackups\C\1\Data276 50003968 bytes
    File C:\RRbackups\C\1\Data277 50003968 bytes
    File C:\RRbackups\C\1\Data278 50003968 bytes
    File C:\RRbackups\C\1\Data279 50003968 bytes
    File C:\RRbackups\C\1\Data28 50003968 bytes
    File C:\RRbackups\C\1\Data280 50003968 bytes
    File C:\RRbackups\C\1\Data281 50003968 bytes
    File C:\RRbackups\C\1\Data282 50003968 bytes
    File C:\RRbackups\C\1\Data283 50003968 bytes
    File C:\RRbackups\C\1\Data284 50003968 bytes
    File C:\RRbackups\C\1\Data285 50003968 bytes
    File C:\RRbackups\C\1\Data286 50003968 bytes
    File C:\RRbackups\C\1\Data287 50003968 bytes
    File C:\RRbackups\C\1\Data288 50003968 bytes
    File C:\RRbackups\C\1\Data47 50003968 bytes
    File C:\RRbackups\C\1\Data48 50003968 bytes
    File C:\RRbackups\C\1\Data49 50003968 bytes
    File C:\RRbackups\C\1\Data5 50003968 bytes
    File C:\RRbackups\C\1\Data50
     
  3. drwizgeek

    drwizgeek TS Rookie Topic Starter Posts: 86

    File C:\RRbackups\C\1\Data51 50003968 bytes
    File C:\RRbackups\C\1\Data52 50003968 bytes
    File C:\RRbackups\C\1\Data53 50003968 bytes
    File C:\RRbackups\C\1\Data54 50003968 bytes
    File C:\RRbackups\C\1\Data55 50003968 bytes
    File C:\RRbackups\C\1\Data56 50003968 bytes
    File C:\RRbackups\C\1\Data57 50003968 bytes
    File C:\RRbackups\C\1\Data58 50003968 bytes
    File C:\RRbackups\C\1\Data59 50003968 bytes
    File C:\RRbackups\C\1\Data6 50003968 bytes
    File C:\RRbackups\C\1\Data60 50003968 bytes
    File C:\RRbackups\C\1\Data61 50003968 bytes
    File C:\RRbackups\C\1\Data62 50003968 bytes
    File C:\RRbackups\C\1\Data63 50003968 bytes
    File C:\RRbackups\C\1\Data64 50003968 bytes
    File C:\RRbackups\C\1\Data66 50003968 bytes
    File C:\RRbackups\C\1\Data67 50003968 bytes
    File C:\RRbackups\C\1\Data68 50003968 bytes
    File C:\RRbackups\C\1\Data69 50003968 bytes
    File C:\RRbackups\C\1\Data7 50003968 bytes
    File C:\RRbackups\C\1\Data70 50003968 bytes
    File C:\RRbackups\C\1\Data71 50003968 bytes
    File C:\RRbackups\C\1\Data72 50003968 bytes
    File C:\RRbackups\C\1\Data73 50003968 bytes
    File C:\RRbackups\C\1\Data74 50003968 bytes
    File C:\RRbackups\C\1\Data75 50003968 bytes
    File C:\RRbackups\C\1\Data76 50003968 bytes
    File C:\RRbackups\C\1\Data77 50003968 bytes
    File C:\RRbackups\C\1\Data78 50003968 bytes
    File C:\RRbackups\C\1\Data79 50003968 bytes
    File C:\RRbackups\C\1\Data8 50003968 bytes
    File C:\RRbackups\C\1\Data80 50003968 bytes
    File C:\RRbackups\C\1\Data81 50003968 bytes
    File C:\RRbackups\C\1\Data82 50003968 bytes
    File C:\RRbackups\C\1\Data83 50003968 bytes
    File C:\RRbackups\C\1\Data117 50003968 bytes
    File C:\RRbackups\C\1\Data118 50003968 bytes
    File C:\RRbackups\C\1\Data119 50003968 bytes
    File C:\RRbackups\C\1\Data12 50003968 bytes
    File C:\RRbackups\C\1\Data120 50003968 bytes
    File C:\RRbackups\C\1\Data121 50003968 bytes
    File C:\RRbackups\C\1\Data122 50003968 bytes
    File C:\RRbackups\C\1\Data123 50003968 bytes
    File C:\RRbackups\C\1\Data124 50003968 bytes
    File C:\RRbackups\C\1\Data125 50003968 bytes
    File C:\RRbackups\C\1\Data126 50003968 bytes
    File C:\RRbackups\C\1\Data127 50003968 bytes
    File C:\RRbackups\C\1\Data128 50003968 bytes
    File C:\RRbackups\C\1\Data129 50003968 bytes
    File C:\RRbackups\C\1\Data13 50003968 bytes
    File C:\RRbackups\C\1\Data130 50003968 bytes
    File C:\RRbackups\C\1\Data131 50003968 bytes
    File C:\RRbackups\C\1\Data132 50003968 bytes
    File C:\RRbackups\C\1\Data133 50003968 bytes
    File C:\RRbackups\C\1\Data134 50003968 bytes
    File C:\RRbackups\C\1\Data136 50003968 bytes
    File C:\RRbackups\C\1\Data137 50003968 bytes
    File C:\RRbackups\C\1\Data138 50003968 bytes
    File C:\RRbackups\C\1\Data139 50003968 bytes
    File C:\RRbackups\C\1\Data14 50003968 bytes
    File C:\RRbackups\C\1\Data140 50003968 bytes
    File C:\RRbackups\C\1\Data141 50003968 bytes
    File C:\RRbackups\C\1\Data142 50003968 bytes
    File C:\RRbackups\C\1\Data143 50003968 bytes
    File C:\RRbackups\C\1\Data144 50003968 bytes
    File C:\RRbackups\C\1\Data145 50003968 bytes
    File C:\RRbackups\C\1\Data146 50003968 bytes
    File C:\RRbackups\C\1\Data147 50003968 bytes
    File C:\RRbackups\C\1\Data148 50003968 bytes
    File C:\RRbackups\C\1\Data149 50003968 bytes
    File C:\RRbackups\C\1\Data15 50003968 bytes
    File C:\RRbackups\C\1\Data150 50003968 bytes
    File C:\RRbackups\C\1\Data151 50003968 bytes
    File C:\RRbackups\C\1\Data152 50003968 bytes
    File C:\RRbackups\C\1\Data153 50003968 bytes
    File C:\RRbackups\C\1\Data155 50003968 bytes
    File C:\RRbackups\C\1\Data156 50003968 bytes
    File C:\RRbackups\C\1\Data157 50003968 bytes
    File C:\RRbackups\C\1\Data158 50003968 bytes
    File C:\RRbackups\C\1\Data159 50003968 bytes
    File C:\RRbackups\C\1\Data16 50003968 bytes
    File C:\RRbackups\C\1\Data160 50003968 bytes
    File C:\RRbackups\C\1\Data161 50003968 bytes
    File C:\RRbackups\C\1\Data162 50003968 bytes
    File C:\RRbackups\C\1\Data163 50003968 bytes
    File C:\RRbackups\C\1\Data164 50003968 bytes
    File C:\RRbackups\C\1\Data165 50003968 bytes
    File C:\RRbackups\C\1\Data166 50003968 bytes
    File C:\RRbackups\C\1\Data167 50003968 bytes
    File C:\RRbackups\C\1\Data168 50003968 bytes
    File C:\RRbackups\C\1\Data169 50003968 bytes
    File C:\RRbackups\C\1\Data17 50003968 bytes
    File C:\RRbackups\C\1\Data170 50003968 bytes
    File C:\RRbackups\C\1\Data171 50003968 bytes
    File C:\RRbackups\C\1\Data172 50003968 bytes
    File C:\RRbackups\C\1\Data116 50003968 bytes
    File C:\RRbackups\C\1\Data135 50003968 bytes
    File C:\RRbackups\C\1\Data154 50003968 bytes
    File C:\RRbackups\C\1\Data173 50003968 bytes
    File C:\RRbackups\C\1\Data192 50003968 bytes
    File C:\RRbackups\C\1\Data210 50003968 bytes
    File C:\RRbackups\C\1\Data23 50003968 bytes
    File C:\RRbackups\C\1\Data249 50003968 bytes
    File C:\RRbackups\C\1\Data27 50003968 bytes
    File C:\RRbackups\C\1\Data289 50003968 bytes
    File C:\RRbackups\C\1\Data46 50003968 bytes
    File C:\RRbackups\C\1\Data65 50003968 bytes
    File C:\RRbackups\C\1\Data84 50003968 bytes
    File C:\RRbackups\C\1\Data174 50003968 bytes
    File C:\RRbackups\C\1\Data175 50003968 bytes
    File C:\RRbackups\C\1\Data176 50003968 bytes
    File C:\RRbackups\C\1\Data177 50003968 bytes
    File C:\RRbackups\C\1\Data178 50003968 bytes
    File C:\RRbackups\C\1\Data179 50003968 bytes
    File C:\RRbackups\C\1\Data18 50003968 bytes
    File C:\RRbackups\C\1\Data180 50003968 bytes
    File C:\RRbackups\C\1\Data181 50003968 bytes
    File C:\RRbackups\C\1\Data182 50003968 bytes
    File C:\RRbackups\C\1\Data183 50003968 bytes
    File C:\RRbackups\C\1\Data184 50003968 bytes
    File C:\RRbackups\C\1\Data185 50003968 bytes
    File C:\RRbackups\C\1\Data186 50003968 bytes
    File C:\RRbackups\C\1\Data187 50003968 bytes
    File C:\RRbackups\C\1\Data188 50003968 bytes
    File C:\RRbackups\C\1\Data189 50003968 bytes
    File C:\RRbackups\C\1\Data19 50003968 bytes
    File C:\RRbackups\C\1\Data190 50003968 bytes
    File C:\RRbackups\C\1\Data191 50003968 bytes
    File C:\RRbackups\C\1\Data193 50003968 bytes
    File C:\RRbackups\C\1\Data194 50003968 bytes
    File C:\RRbackups\C\1\Data195 50003968 bytes
    File C:\RRbackups\C\1\Data196 50003968 bytes
    File C:\RRbackups\C\1\Data197 50003968 bytes
    File C:\RRbackups\C\1\Data198 50003968 bytes
    File C:\RRbackups\C\1\Data199 50003968 bytes
    File C:\RRbackups\C\1\Data2 50003968 bytes
    File C:\RRbackups\C\1\Data20 50003968 bytes
    File C:\RRbackups\C\1\Data200 50003968 bytes
    File C:\RRbackups\C\1\Data201 50003968 bytes
    File C:\RRbackups\C\1\Data202 50003968 bytes
    File C:\RRbackups\C\1\Data203 50003968 bytes
    File C:\RRbackups\C\1\Data204 50003968 bytes
    File C:\RRbackups\C\1\Data205 50003968 bytes
    File C:\RRbackups\C\1\Data206 50003968 bytes
    File C:\RRbackups\C\1\Data207 50003968 bytes
    File C:\RRbackups\C\1\Data208 50003968 bytes
    File C:\RRbackups\C\1\Data209 50003968 bytes
    File C:\RRbackups\C\1\Data21 50003968 bytes
    File C:\RRbackups\C\1\Data211 50003968 bytes
    File C:\RRbackups\C\1\Data212 50003968 bytes
    File C:\RRbackups\C\1\Data213 50003968 bytes
    File C:\RRbackups\C\1\Data214 50003968 bytes
    File C:\RRbackups\C\1\Data215 50003968 bytes
    File C:\RRbackups\C\1\Data216 50003968 bytes
    File C:\RRbackups\C\1\Data217 50003968 bytes
    File C:\RRbackups\C\1\Data218 50003968 bytes
    File C:\RRbackups\C\1\Data219 50003968 bytes
    File C:\RRbackups\C\1\Data22 50003968 bytes
    File C:\RRbackups\C\1\Data220 50003968 bytes
    File C:\RRbackups\C\1\Data221 50003968 bytes
    File C:\RRbackups\C\1\Data222 50003968 bytes
    File C:\RRbackups\C\1\Data223 50003968 bytes
    File C:\RRbackups\C\1\Data224 50003968 bytes
    File C:\RRbackups\C\1\Data225 50003968 bytes
    File C:\RRbackups\C\1\Data226 50003968 bytes
    File C:\RRbackups\C\1\Data227 50003968 bytes
    File C:\RRbackups\C\1\Data228 50003968 bytes
    File C:\RRbackups\C\1\Data229 50003968 bytes
    File C:\RRbackups\C\1\Data230 50003968 bytes
    File C:\RRbackups\C\1\Data231 50003968 bytes
    File C:\RRbackups\C\1\Data232 50003968 bytes
    File C:\RRbackups\C\1\Data233 50003968 bytes
    File C:\RRbackups\C\1\Data234 50003968 bytes
    File C:\RRbackups\C\1\Data235 50003968 bytes
    File C:\RRbackups\C\1\Data236 50003968 bytes
    File C:\RRbackups\C\1\Data237 50003968 bytes
    File C:\RRbackups\C\1\Data238 50003968 bytes
    File C:\RRbackups\C\1\Data239 50003968 bytes
    File C:\RRbackups\C\1\Data24 50003968 bytes
    File C:\RRbackups\C\1\Data240 50003968 bytes
    File C:\RRbackups\C\1\Data241 50003968 bytes
    File C:\RRbackups\C\1\Data242 50003968 bytes
    File C:\RRbackups\C\1\Data243 50003968 bytes
    File C:\RRbackups\C\1\Data244 50003968 bytes
    File C:\RRbackups\C\1\Data245 50003968 bytes
    File C:\RRbackups\C\1\Data246 50003968 bytes
    File C:\RRbackups\C\1\Data247 50003968 bytes
    File C:\RRbackups\C\1\Data248 50003968 bytes
    File C:\RRbackups\C\1\Data25
     
  4. drwizgeek

    drwizgeek TS Rookie Topic Starter Posts: 86

    File C:\RRbackups\C\1\Data250 50003968 bytes
    File C:\RRbackups\C\1\Data251 50003968 bytes
    File C:\RRbackups\C\1\Data252 50003968 bytes
    File C:\RRbackups\C\1\Data253 50003968 bytes
    File C:\RRbackups\C\1\Data254 50003968 bytes
    File C:\RRbackups\C\1\Data255 50003968 bytes
    File C:\RRbackups\C\1\Data256 50003968 bytes
    File C:\RRbackups\C\1\Data257 50003968 bytes
    File C:\RRbackups\C\1\Data258 50003968 bytes
    File C:\RRbackups\C\1\Data259 50003968 bytes
    File C:\RRbackups\C\1\Data26 50003968 bytes
    File C:\RRbackups\C\1\Data260 50003968 bytes
    File C:\RRbackups\C\1\Data261 50003968 bytes
    File C:\RRbackups\C\1\Data262 50003968 bytes
    File C:\RRbackups\C\1\Data263 50003968 bytes
    File C:\RRbackups\C\1\Data264 50003968 bytes
    File C:\RRbackups\C\1\Data265 50003968 bytes
    File C:\RRbackups\C\1\Data266 50003968 bytes
    File C:\RRbackups\C\1\Data267 50003968 bytes
    File C:\RRbackups\C\1\Data268 50003968 bytes
    File C:\RRbackups\C\1\Data269 50003968 bytes
    File C:\RRbackups\C\1\Data29 50003968 bytes
    File C:\RRbackups\C\1\Data290 50003968 bytes
    File C:\RRbackups\C\1\Data291 40690730 bytes
    File C:\RRbackups\C\1\Data3 50003968 bytes
    File C:\RRbackups\C\1\Data30 50003968 bytes
    File C:\RRbackups\C\1\Data31 50003968 bytes
    File C:\RRbackups\C\1\Data32 50003968 bytes
    File C:\RRbackups\C\1\Data33 50003968 bytes
    File C:\RRbackups\C\1\Data34 50003968 bytes
    File C:\RRbackups\C\1\Data35 50003968 bytes
    File C:\RRbackups\C\1\Data36 50003968 bytes
    File C:\RRbackups\C\1\Data37 50003968 bytes
    File C:\RRbackups\C\1\Data38 50003968 bytes
    File C:\RRbackups\C\1\Data39 50003968 bytes
    File C:\RRbackups\C\1\Data4 50003968 bytes
    File C:\RRbackups\C\1\Data40 50003968 bytes
    File C:\RRbackups\C\1\Data41 50003968 bytes
    File C:\RRbackups\C\1\Data42 50003968 bytes
    File C:\RRbackups\C\1\Data43 50003968 bytes
    File C:\RRbackups\C\1\Data44 50003968 bytes
    File C:\RRbackups\C\1\Data45 50003968 bytes
    File C:\RRbackups\C\1\Data85 50003968 bytes
    File C:\RRbackups\C\1\Data86 50003968 bytes
    File C:\RRbackups\C\1\Data87 50003968 bytes
    File C:\RRbackups\C\1\Data88 50003968 bytes
    File C:\RRbackups\C\1\Data89 50003968 bytes
    File C:\RRbackups\C\1\Data9 50003968 bytes
    File C:\RRbackups\C\1\Data90 50003968 bytes
    File C:\RRbackups\C\1\Data91 50003968 bytes
    File C:\RRbackups\C\1\Data92 50003968 bytes
    File C:\RRbackups\C\1\Data93 50003968 bytes
    File C:\RRbackups\C\1\Data94 50003968 bytes
    File C:\RRbackups\C\1\Data95 50003968 bytes
    File C:\RRbackups\C\1\Data96 50003968 bytes
    File C:\RRbackups\C\1\Data97 50003968 bytes
    File C:\RRbackups\C\1\Data98 50003968 bytes
    File C:\RRbackups\C\1\Data99 50003968 bytes
    File C:\RRbackups\C\1\dats 0 bytes
    File C:\RRbackups\C\1\dats\PreloadInstall.ini 26 bytes
    File C:\RRbackups\C\1\EFSFile 0 bytes
    File C:\RRbackups\C\1\HashFile 561240 bytes
    File C:\RRbackups\C\1\Info 756 bytes
    File C:\RRbackups\C\1\TOCFile 57059400 bytes
    File C:\RRbackups\C\2 0 bytes
    File C:\RRbackups\C\2\Data0 50003968 bytes
    File C:\RRbackups\C\2\Data1 50003968 bytes
    File C:\RRbackups\C\2\Data2 50003968 bytes
    File C:\RRbackups\C\2\Data3 50003968 bytes
    File C:\RRbackups\C\2\Data4 50003968 bytes
    File C:\RRbackups\C\2\Data5 6372149 bytes
    File C:\RRbackups\C\2\dats 0 bytes
    File C:\RRbackups\C\2\dats\PreloadInstall.ini 26 bytes
    File C:\RRbackups\C\2\EFSFile 0 bytes
    File C:\RRbackups\C\2\HashFile 541614 bytes
    File C:\RRbackups\C\2\Info 756 bytes
    File C:\RRbackups\C\2\TOCFile 55064090 bytes
    File C:\RRbackups\C\3 0 bytes
    File C:\RRbackups\C\3\Data0 50003968 bytes
    File C:\RRbackups\C\3\Data1 50003968 bytes
    File C:\RRbackups\C\3\Data2 50003968 bytes
    File C:\RRbackups\C\3\Data3 50003968 bytes
    File C:\RRbackups\C\3\Data4 50003968 bytes
    File C:\RRbackups\C\3\Data5 16545794 bytes
    File C:\RRbackups\C\3\dats 0 bytes
    File C:\RRbackups\C\3\dats\PreloadInstall.ini 26 bytes
    File C:\RRbackups\C\3\EFSFile 0 bytes
    File C:\RRbackups\C\3\HashFile 544206 bytes
    File C:\RRbackups\C\3\Info 756 bytes
    File C:\RRbackups\C\3\TOCFile 55327610 bytes
    File C:\RRbackups\C\4 0 bytes
    File C:\RRbackups\C\4\Data0 50003968 bytes
    File C:\RRbackups\C\4\Data1 50003968 bytes
    File C:\RRbackups\C\4\Data2 50003968 bytes
    File C:\RRbackups\C\4\Data3 50003968 bytes
    File C:\RRbackups\C\4\Data4 50003968 bytes
    File C:\RRbackups\C\4\Data5 50003968 bytes
    File C:\RRbackups\C\4\Data6 50003968 bytes
    File C:\RRbackups\C\4\Data7 6315243 bytes
    File C:\RRbackups\C\4\dats 0 bytes
    File C:\RRbackups\C\4\dats\PreloadInstall.ini 26 bytes
    File C:\RRbackups\C\4\EFSFile 0 bytes
    File C:\RRbackups\C\4\HashFile 546228 bytes
    File C:\RRbackups\C\4\Info 756 bytes
    File C:\RRbackups\C\4\TOCFile 55533180 bytes
    File C:\RRbackups\C\5 0 bytes
    File C:\RRbackups\C\5\Data0 50003968 bytes
    File C:\RRbackups\C\5\Data1 50003968 bytes
    File C:\RRbackups\C\5\Data10 50003968 bytes
    File C:\RRbackups\C\5\Data11 50003968 bytes
    File C:\RRbackups\C\5\Data12 9674377 bytes
    File C:\RRbackups\C\5\Data2 50003968 bytes
    File C:\RRbackups\C\5\Data3 50003968 bytes
    File C:\RRbackups\C\5\Data4 50003968 bytes
    File C:\RRbackups\C\5\Data5 50003968 bytes
    File C:\RRbackups\C\5\Data6 50003968 bytes
    File C:\RRbackups\C\5\Data7 50003968 bytes
    File C:\RRbackups\C\5\Data8 50003968 bytes
    File C:\RRbackups\C\5\Data9 50003968 bytes
    File C:\RRbackups\C\5\dats 0 bytes
    File C:\RRbackups\C\5\dats\PreloadInstall.ini 26 bytes
    File C:\RRbackups\C\5\EFSFile 0 bytes
    File C:\RRbackups\C\5\HashFile 547560 bytes
    File C:\RRbackups\C\5\Info 756 bytes
    File C:\RRbackups\C\5\TOCFile 55668600 bytes
    File C:\RRbackups\C\MERGE 0 bytes
    File C:\RRbackups\C\MERGE\Data0 50003968 bytes
    File C:\RRbackups\C\MERGE\Data1 50003968 bytes
    File C:\RRbackups\C\MERGE\Data10 50003968 bytes
    File C:\RRbackups\C\MERGE\Data11 50003968 bytes
    File C:\RRbackups\C\MERGE\Data12 50003968 bytes
    File C:\RRbackups\C\MERGE\Data13 50003968 bytes
    File C:\RRbackups\C\MERGE\Data14 50003968 bytes
    File C:\RRbackups\C\MERGE\Data2 50003968 bytes
    File C:\RRbackups\C\MERGE\Data3 50003968 bytes
    File C:\RRbackups\C\MERGE\Data4 50003968 bytes
    File C:\RRbackups\C\MERGE\Data5 50003968 bytes
    File C:\RRbackups\C\MERGE\Data6 50003968 bytes
    File C:\RRbackups\C\MERGE\Data7 50003968 bytes
    File C:\RRbackups\C\MERGE\Data8 50003968 bytes
    File C:\RRbackups\C\MERGE\Data9 50003968 bytes
    File C:\RRbackups\C\MERGE\EFSFile 0 bytes
    File C:\RRbackups\C\MERGE\HashFile 541614 bytes
    File C:\RRbackups\C\MERGE\Info 0 bytes
    File C:\RRbackups\C\MERGE\TOCFile 55064090 bytes
    File C:\RRbackups\common 0 bytes
    File C:\RRbackups\common\backups.dat 8192 bytes
    File C:\RRbackups\common\bt0.dat 32256 bytes
    File C:\RRbackups\common\bt1.dat 32256 bytes
    File C:\RRbackups\common\bt2.dat 32256 bytes
    File C:\RRbackups\common\bt3.dat 32256 bytes
    File C:\RRbackups\common\bt4.dat 32256 bytes
    File C:\RRbackups\common\bt5.dat 32256 bytes
    File C:\RRbackups\common\hints.dat 8192 bytes
    File C:\RRbackups\common\mnd.dat 8192 bytes
    File C:\RRbackups\common\regcerts.dat 8192 bytes
    File C:\RRbackups\common\restore.log 110 bytes
    File C:\RRbackups\common\rr.log 51453 bytes
    File C:\RRbackups\common\SAM 262144 bytes
    File C:\RRbackups\common\seccache.dat 8192 bytes
    File C:\RRbackups\common\secpolicy.dat 57344 bytes
    File C:\RRbackups\common\settings.dat 28672 bytes
    File C:\RRbackups\common\system.dat 12288 bytes
    File C:\RRbackups\common\tvtns.bin 23 bytes
    File C:\RRbackups\common\usersids.dat
     
  5. drwizgeek

    drwizgeek TS Rookie Topic Starter Posts: 86

    File C:\RRbackups\Documents and Settings 0 bytes
    File C:\RRbackups\Documents and Settings\Administrator 0 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data 0 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data\Lenovo 0 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft 0 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto 0 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA 0 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect 0 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST 24 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1978421048-1550610703-262485005-500 0 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1978421048-1550610703-262485005-500\91f3108e-f9f4-458d-a4de-29aeb114093c 388 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1978421048-1550610703-262485005-500\Preferred 24 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-2998009197-2858363785-400833319-500 0 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-2998009197-2858363785-400833319-500\851a3076-0300-41b7-b100-52d5f00a929a 388 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-2998009197-2858363785-400833319-500\Preferred 24 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3231202927-1137306203-2969883114-500 0 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3231202927-1137306203-2969883114-500\b1001a45-18c5-48c6-831e-5ade0bb361af 388 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3231202927-1137306203-2969883114-500\Preferred 24 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates 0 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My 0 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
    File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
    File C:\RRbackups\Documents and Settings\All Users 0 bytes
    File C:\RRbackups\Documents and Settings\All Users\Application Data 0 bytes
    File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo 0 bytes
    File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution 0 bytes
    File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\PreloadInstall.ini 26 bytes
    File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft 0 bytes
    File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto 0 bytes
    File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA 0 bytes
    File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys 0 bytes
    File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d013304477f3689e5815d4051f89c4af_a71f81c7-82d7-4a25-8c26-f7125f94c3c7 1307 bytes
    File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e17459beeef013e01dbf6151b4b7cdbf_a71f81c7-82d7-4a25-8c26-f7125f94c3c7 1752 bytes
    File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_a71f81c7-82d7-4a25-8c26-f7125f94c3c7 52 bytes
    File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18 0 bytes
    File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\42e7e898003fbdeb9585806ee1664b51_a71f81c7-82d7-4a25-8c26-f7125f94c3c7 57 bytes
    File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_a71f81c7-82d7-4a25-8c26-f7125f94c3c7 47 bytes
    File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_a71f81c7-82d7-4a25-8c26-f7125f94c3c7 893 bytes
    File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\dd508fb67e3df5d722d6ce98ff404371_a71f81c7-82d7-4a25-8c26-f7125f94c3c7 63 bytes
    File C:\RRbackups\Documents and Settings\Default User 0 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data 0 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data\Lenovo 0 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft 0 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Crypto 0 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Crypto\RSA 0 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect 0 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\CREDHIST 24 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1978421048-1550610703-262485005-500 0 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1978421048-1550610703-262485005-500\91f3108e-f9f4-458d-a4de-29aeb114093c 388 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1978421048-1550610703-262485005-500\Preferred 24 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-2998009197-2858363785-400833319-500 0 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-2998009197-2858363785-400833319-500\851a3076-0300-41b7-b100-52d5f00a929a 388 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-2998009197-2858363785-400833319-500\Preferred 24 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3231202927-1137306203-2969883114-500 0 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3231202927-1137306203-2969883114-500\b1001a45-18c5-48c6-831e-5ade0bb361af 388 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3231202927-1137306203-2969883114-500\Preferred 24 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates 0 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My 0 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
    File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc 0 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data 0 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Lenovo 0 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft 0 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft\Crypto 0 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft\Crypto\RSA 0 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2942788721-270316561-3154462386-1005 0 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2942788721-270316561-3154462386-1005\6b29ae44e85efac3c72ff4d1865d73f1_a71f81c7-82d7-4a25-8c26-f7125f94c3c7 53 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2942788721-270316561-3154462386-1005\83aa4cc77f591dfc2374580bbd95f6ba_a71f81c7-82d7-4a25-8c26-f7125f94c3c7 45 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2942788721-270316561-3154462386-1005\99bf2e88cc675acf816c179a1986083c_a71f81c7-82d7-4a25-8c26-f7125f94c3c7 1298 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2942788721-270316561-3154462386-1005\dd508fb67e3df5d722d6ce98ff404371_a71f81c7-82d7-4a25-8c26-f7125f94c3c7 63 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2942788721-270316561-3154462386-1005\e52f73ea1e6d8fb5afd750e25de6c8fa_a71f81c7-82d7-4a25-8c26-f7125f94c3c7 46 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2942788721-270316561-3154462386-1005\e5f414badd3d83c6b62be4a098591e29_a71f81c7-82d7-4a25-8c26-f7125f94c3c7 901 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2942788721-270316561-3154462386-1005\f161836373af4675accbd218bcd29956_a71f81c7-82d7-4a25-8c26-f7125f94c3c7 1305 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2942788721-270316561-3154462386-1005\fa46e53f8549ff0a6b53563aa0f0c1a1_a71f81c7-82d7-4a25-8c26-f7125f94c3c7 51 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft\Protect 0 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft\Protect\CREDHIST 568 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft\Protect\S-1-5-21-1978421048-1550610703-262485005-500 0 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft\Protect\S-1-5-21-1978421048-1550610703-262485005-500\91f3108e-f9f4-458d-a4de-29aeb114093c 388 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft\Protect\S-1-5-21-1978421048-1550610703-262485005-500\Preferred 24 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft\Protect\S-1-5-21-2942788721-270316561-3154462386-1005 0 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft\Protect\S-1-5-21-2942788721-270316561-3154462386-1005\04127878-077a-4c93-a323-2986d7ea7c42 388 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft\Protect\S-1-5-21-2942788721-270316561-3154462386-1005\2df22926-01d1-4696-9726-ac2cde5b5b9c 388 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft\Protect\S-1-5-21-2942788721-270316561-3154462386-1005\33eb8456-6f89-4409-9433-6ffb1793e0e1 388 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft\Protect\S-1-5-21-2942788721-270316561-3154462386-1005\5e7def99-44ac-4298-a546-2fb6ec3c0406 388 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft\Protect\S-1-5-21-2942788721-270316561-3154462386-1005\62963204-5599-4f38-a252-72c0958b8f6c 388 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft\Protect\S-1-5-21-2942788721-270316561-3154462386-1005\7bd32826-f95c-41c2-b550-a299914cecef 388 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft\Protect\S-1-5-21-2942788721-270316561-3154462386-1005\Preferred 24 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft\Protect\S-1-5-21-2998009197-2858363785-400833319-500 0 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft\Protect\S-1-5-21-2998009197-2858363785-400833319-500\851a3076-0300-41b7-b100-52d5f00a929a 388 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft\Protect\S-1-5-21-2998009197-2858363785-400833319-500\Preferred 24 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft\Protect\S-1-5-21-3231202927-1137306203-2969883114-500 0 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft\Protect\S-1-5-21-3231202927-1137306203-2969883114-500\b1001a45-18c5-48c6-831e-5ade0bb361af 388 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft\Protect\S-1-5-21-3231202927-1137306203-2969883114-500\Preferred 24 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft\SystemCertificates 0 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft\SystemCertificates\My 0 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft\SystemCertificates\My\Certificates\895DF0D5BBAEC475D758467B31AFB5E8AD4911E8 830 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft\SystemCertificates\My\Keys 0 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc\Application Data\Microsoft\SystemCertificates\My\Keys\2A1B98C4FA8F757B7732581B2354DC57F639ADF4 240 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup 0 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data 0 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data\Microsoft 0 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data\Microsoft\Crypto 0 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data\Microsoft\Crypto\RSA 0 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2942788721-270316561-3154462386-1005 0 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2942788721-270316561-3154462386-1005\6b29ae44e85efac3c72ff4d1865d73f1_a71f81c7-82d7-4a25-8c26-f7125f94c3c7 53 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2942788721-270316561-3154462386-1005\83aa4cc77f591dfc2374580bbd95f6ba_a71f81c7-82d7-4a25-8c26-f7125f94c3c7 45 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2942788721-270316561-3154462386-1005\dd508fb67e3df5d722d6ce98ff404371_a71f81c7-82d7-4a25-8c26-f7125f94c3c7 63 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2942788721-270316561-3154462386-1005\eded8bdcf834043eeb8e54de84b041c2_a71f81c7-82d7-4a25-8c26-f7125f94c3c7 53 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2942788721-270316561-3154462386-1005\fa46e53f8549ff0a6b53563aa0f0c1a1_a71f81c7-82d7-4a25-8c26-f7125f94c3c7 51 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data\Microsoft\Protect 0 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data\Microsoft\Protect\CREDHIST 1248 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data\Microsoft\Protect\S-1-5-21-1978421048-1550610703-262485005-500 0 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data\Microsoft\Protect\S-1-5-21-1978421048-1550610703-262485005-500\91f3108e-f9f4-458d-a4de-29aeb114093c 388 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data\Microsoft\Protect\S-1-5-21-1978421048-1550610703-262485005-500\Preferred 24 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data\Microsoft\Protect\S-1-5-21-2942788721-270316561-3154462386-1005 0 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data\Microsoft\Protect\S-1-5-21-2942788721-270316561-3154462386-1005\0f4fc308-2bb6-4874-9c8e-a7524e7f7baa 388 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data\Microsoft\Protect\S-1-5-21-2942788721-270316561-3154462386-1005\164be8a7-ea1e-4d7c-9d08-ed3c350fd929 388 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data\Microsoft\Protect\S-1-5-21-2942788721-270316561-3154462386-1005\176f0394-4171-41f7-9c5d-94c9fdbd87a7 388 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data\Microsoft\Protect\S-1-5-21-2942788721-270316561-3154462386-1005\1b313f8b-2093-4511-9af1-5fbd451aa836 388 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data\Microsoft\Protect\S-1-5-21-2942788721-270316561-3154462386-1005\1e57ab80-f970-4505-861a-f9be1e4ffb98 388 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data\Microsoft\Protect\S-1-5-21-2942788721-270316561-3154462386-1005\76f03213-fa35-4820-8ba5-0c5925db34a6 388 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data\Microsoft\Protect\S-1-5-21-2942788721-270316561-3154462386-1005\7ba64e8f-e7b6-45b4-aeac-cba0ecda96ff 388 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data\Microsoft\Protect\S-1-5-21-2942788721-270316561-3154462386-1005\8267d22e-c0bd-4ef6-a2ed-efe4e630be56 388 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data\Microsoft\Protect\S-1-5-21-2942788721-270316561-3154462386-1005\8951da73-0fde-4e15-9287-3ed67637c8b4 388 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data\Microsoft\Protect\S-1-5-21-2942788721-270316561-3154462386-1005\e2664800-6f8f-4dc5-8010-fbed885d4901 388 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data\Microsoft\Protect\S-1-5-21-2942788721-270316561-3154462386-1005\e3337754-961f-4021-a771-d8fba09a6f58 388 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data\Microsoft\Protect\S-1-5-21-2942788721-270316561-3154462386-1005\Preferred 24 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data\Microsoft\Protect\S-1-5-21-2998009197-2858363785-400833319-500 0 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data\Microsoft\Protect\S-1-5-21-2998009197-2858363785-400833319-500\851a3076-0300-41b7-b100-52d5f00a929a 388 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data\Microsoft\Protect\S-1-5-21-2998009197-2858363785-400833319-500\Preferred 24 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data\Microsoft\Protect\S-1-5-21-3231202927-1137306203-2969883114-500 0 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data\Microsoft\Protect\S-1-5-21-3231202927-1137306203-2969883114-500\b1001a45-18c5-48c6-831e-5ade0bb361af 388 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data\Microsoft\Protect\S-1-5-21-3231202927-1137306203-2969883114-500\Preferred 24 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data\Microsoft\SystemCertificates 0 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data\Microsoft\SystemCertificates\My 0 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
    File C:\RRbackups\Documents and Settings\iiii ccccc backup\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
    File C:\RRbackups\Documents and Settings\LocalService 0 bytes
    File C:\RRbackups\Documents and Settings\LocalService\Application Data 0 bytes
    File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft 0 bytes
    File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates 0 bytes
    File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My 0 bytes
    File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
    File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
    File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
    File C:\RRbackups\Documents and Settings\NetworkService 0 bytes
    File C:\RRbackups\Documents and Settings\NetworkService\Application Data 0 bytes
    File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft 0 bytes
    File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates 0 bytes
    File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My 0 bytes
    File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
    File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
    File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
    File C:\RRbackups\Documents and Settings\TEMP 0 bytes
    File C:\RRbackups\Documents and Settings\TEMP\Application Data 0 bytes
    File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft 0 bytes
    File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Crypto 0 bytes
    File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Crypto\RSA 0 bytes
    File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Protect 0 bytes
    File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Protect\CREDHIST 24 bytes
    File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Protect\S-1-5-21-1978421048-1550610703-262485005-500 0 bytes
    File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Protect\S-1-5-21-1978421048-1550610703-262485005-500\91f3108e-f9f4-458d-a4de-29aeb114093c 388 bytes
    File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Protect\S-1-5-21-1978421048-1550610703-262485005-500\Preferred 24 bytes
    File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Protect\S-1-5-21-2998009197-2858363785-400833319-500 0 bytes
    File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Protect\S-1-5-21-2998009197-2858363785-400833319-500\851a3076-0300-41b7-b100-52d5f00a929a 388 bytes
    File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Protect\S-1-5-21-2998009197-2858363785-400833319-500\Preferred 24 bytes
    File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Protect\S-1-5-21-3231202927-1137306203-2969883114-500 0 bytes
    File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Protect\S-1-5-21-3231202927-1137306203-2969883114-500\b1001a45-18c5-48c6-831e-5ade0bb361af 388 bytes
    File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Protect\S-1-5-21-3231202927-1137306203-2969883114-500\Preferred 24 bytes
    File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\SystemCertificates 0 bytes
    File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\SystemCertificates\My 0 bytes
    File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
    File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
    File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
    File C:\RRbackups\SIS 0 bytes
    File C:\RRbackups\SIS\C 0 bytes
    File C:\RRbackups\SIS\C\0 0 bytes

    ---- EOF - GMER 1.0.15 ----
     
  6. drwizgeek

    drwizgeek TS Rookie Topic Starter Posts: 86

    DDS.txt

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by iiii ccccc at 16:27:10 on 2011-09-19
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1408 [GMT -7:00]
    .
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe
    C:\Program Files\Lenovo\PM Driver\PMSveH.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\System32\rpcnetp.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe
    C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Documents and Settings\iiii ccccc\Local Settings\Application Data\Google\Update\1.3.21.69\GoogleCrashHandler.exe
    C:\Documents and Settings\iiii ccccc\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\iPod\bin\iPodService.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.babylon.com/home?AF=14542
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: TheFreeDictionarycom Toolbar: {d1e06b91-60e6-4492-af9f-53043fa32716} - c:\program files\thefreedictionarycom\prxtbThe2.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: PCCBHO.CPCCBHO: {22fc6ce8-7d47-479f-b74a-bfbb04adb9af} - c:\program files\winferno\pc confidential\PCCBHO.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    BHO: 1 (0x1) - No File
    BHO: TheFreeDictionarycom Toolbar: {d1e06b91-60e6-4492-af9f-53043fa32716} - c:\program files\thefreedictionarycom\prxtbThe2.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    TB: TheFreeDictionarycom Toolbar: {d1e06b91-60e6-4492-af9f-53043fa32716} - c:\program files\thefreedictionarycom\prxtbThe2.dll
    TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Google Update] "c:\documents and settings\iiii ccccc\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [PMHandler] c:\progra~1\lenovo\pmdriv~1\PMHandler.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [BackupNowEZtray] "c:\program files\newtech infosystems\backup now ez\BackupNowEZtray.exe" -k
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    dRunOnce: [RunNarrator] Narrator.exe
    StartupFolder: c:\docume~1\iiiicc~2\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\iiii ccccc\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\iiiicc~2\startm~1\programs\startup\itunes~1.lnk - c:\windows\installer\{2ce5a2e7-3437-4ce7-bcf4-85ed6eeff9e4}\iTunesIco.exe
    StartupFolder: c:\docume~1\iiiicc~2\startm~1\programs\startup\itunes.lnk - c:\program files\itunes\iTunes.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\itunes.lnk - c:\program files\itunes\iTunes.exe
    IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: Send to &Bluetooth Device... - c:\program files\lenovo\bluetooth software\btsendto_ie_ctx.htm
    IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - c:\program files\winferno\pc confidential\PCConfidential.exe
    IE: {925DAB62-F9AC-4221-806A-057BFB1014AA} - c:\program files\winferno\pc confidential\PCConfidential.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    Handler: x-mem3 - {4F6D06DD-44AB-4F89-BF13-9027B505B15A} -
    Notify: ACNotify - ACNotify.dll
    Notify: tphotkey - tphklock.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Notification Packages = scecli ACGina
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-9-18 11608]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]
    R1 MpKslab70a538;MpKslab70a538;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4092e2ec-0b5e-4308-8b22-ed4cb296cebf}\MpKslab70a538.sys [2011-9-19 28752]
    R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [2006-5-24 10240]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-9-18 136360]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-9-18 269480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-9-18 66616]
    R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\newtech infosystems\backup now ez\BackupNowEZSvr.exe [2009-9-19 45312]
    R2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files\common files\livescribe\pencomm\PenCommService.exe [2011-8-11 470528]
    RUnknown rpcnetp;rpcnetp; [x]
    S1 MpKsl4455b4c5;MpKsl4455b4c5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{89bdb2b4-aa68-4a1f-ba95-8a8340d0a0db}\mpksl4455b4c5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{89bdb2b4-aa68-4a1f-ba95-8a8340d0a0db}\MpKsl4455b4c5.sys [?]
    S1 MpKslb523da44;MpKslb523da44;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c64f5ab7-6f66-41ef-abe6-9bad6298f43d}\mpkslb523da44.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c64f5ab7-6f66-41ef-abe6-9bad6298f43d}\MpKslb523da44.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]
    S2 smi2;smi2;\??\c:\program files\smi2\smi2.sys --> c:\program files\smi2\smi2.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\drivers\PulseUsb.sys [2011-2-8 20480]
    .
    =============== Created Last 30 ================
    .
    2011-09-19 18:57:59 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4092e2ec-0b5e-4308-8b22-ed4cb296cebf}\MpKslab70a538.sys
    2011-09-19 17:56:12 -------- d-----w- c:\documents and settings\iiii ccccc\application data\Malwarebytes
    2011-09-19 04:54:24 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-09-19 04:54:19 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-19 04:54:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-19 03:22:56 -------- d-----w- c:\documents and settings\iiii ccccc\application data\Avira
    2011-09-19 03:18:26 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-09-19 03:18:24 -------- d-----w- c:\program files\Avira
    2011-09-19 03:18:24 -------- d-----w- c:\documents and settings\all users\application data\Avira
    2011-09-19 02:09:43 -------- d-----w- C:\troubleshooter
    2011-09-18 20:18:17 17408 ----a-w- c:\windows\system32\rpcnetp.dll
    2011-09-18 20:17:36 17408 ----a-w- c:\windows\system32\rpcnetp.exe
    2011-09-17 17:23:42 7152464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4092e2ec-0b5e-4308-8b22-ed4cb296cebf}\mpengine.dll
    2011-09-13 14:42:30 -------- d-----w- c:\documents and settings\iiii ccccc\application data\com.livescribe.LivescribeConnect
    2011-09-13 14:42:08 -------- d-----w- c:\program files\common files\Livescribe
    2011-09-03 10:17:37 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
    .
    ==================== Find3M ====================
    .
    2011-09-18 07:00:01 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
    2011-09-17 08:11:48 44544 ----a-w- c:\windows\system32\agremove.exe
    2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-07-15 13:29:31 456320 ------w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02:00 10496 ------w- c:\windows\system32\drivers\ndistapi.sys
    2011-06-24 14:10:36 139656 ------w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
    2008-03-23 02:20:42 35481456 ------w- c:\program files\Money_Plus_Deluxe_Win32_English_Online-US_Only_DwnLd.exe
    2008-03-23 00:54:46 15452536 ------w- c:\program files\IE7-WindowsXP-x86-enu.exe
    2008-02-29 14:57:32 23344432 ------w- c:\program files\QuickTimeInstaller.exe
    .
    ============= FINISH: 16:28:04.29 ===============
     
  7. drwizgeek

    drwizgeek TS Rookie Topic Starter Posts: 86

    Attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/7/2007 7:52:24 AM
    System Uptime: 9/19/2011 11:57:25 AM (5 hours ago)
    .
    Motherboard: LENOVO | | CAPELL VALLEY(NAPA) CRB
    Processor: Intel(R) Core(TM) Duo CPU T2300 @ 1.66GHz | U2E1 | 1662/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 222 GiB total, 106.447 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Broadcom 802.11n Network Adapter
    Device ID: PCI\VEN_14E4&DEV_4328&SUBSYS_046E14E4&REV_01\4&20975680&0&00E1
    Manufacturer: Broadcom
    Name: Broadcom 802.11n Network Adapter
    PNP Device ID: PCI\VEN_14E4&DEV_4328&SUBSYS_046E14E4&REV_01\4&20975680&0&00E1
    Service: BCM43XX
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\AB40086123F7A
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\AB40086123F7A
    Service: NIC1394
    .
    ==== System Restore Points ===================
    .
    RP1068: 6/21/2011 9:34:34 AM - System Checkpoint
    RP1069: 6/21/2011 11:01:37 PM - Software Distribution Service 3.0
    RP1070: 6/23/2011 8:11:35 AM - Software Distribution Service 3.0
    RP1071: 6/24/2011 8:55:33 AM - Software Distribution Service 3.0
    RP1072: 6/25/2011 10:06:19 AM - Software Distribution Service 3.0
    RP1073: 6/26/2011 12:43:25 PM - System Checkpoint
    RP1074: 6/26/2011 11:38:46 PM - Software Distribution Service 3.0
    RP1075: 6/28/2011 9:13:37 AM - Software Distribution Service 3.0
    RP1076: 6/29/2011 9:26:59 AM - Software Distribution Service 3.0
    RP1077: 6/29/2011 11:06:45 AM - Software Distribution Service 3.0
    RP1078: 6/30/2011 9:39:51 AM - Software Distribution Service 3.0
    RP1079: 7/1/2011 3:13:02 PM - Software Distribution Service 3.0
    RP1080: 7/2/2011 6:54:54 PM - Software Distribution Service 3.0
    RP1081: 7/3/2011 1:45:35 AM - Software Distribution Service 3.0
    RP1082: 7/4/2011 9:53:50 AM - Software Distribution Service 3.0
    RP1083: 7/4/2011 6:49:47 PM - Software Distribution Service 3.0
    RP1084: 7/5/2011 10:46:37 PM - Software Distribution Service 3.0
    RP1085: 7/7/2011 8:45:51 AM - Software Distribution Service 3.0
    RP1086: 7/8/2011 9:04:56 AM - Software Distribution Service 3.0
    RP1087: 7/10/2011 10:12:13 AM - Software Distribution Service 3.0
    RP1088: 7/11/2011 6:03:58 PM - Software Distribution Service 3.0
    RP1089: 7/12/2011 10:00:15 PM - Software Distribution Service 3.0
    RP1090: 7/13/2011 10:44:28 AM - Software Distribution Service 3.0
    RP1091: 7/13/2011 10:38:20 PM - Software Distribution Service 3.0
    RP1092: 7/15/2011 9:12:11 AM - Software Distribution Service 3.0
    RP1093: 7/16/2011 9:15:06 AM - Software Distribution Service 3.0
    RP1094: 7/17/2011 1:29:14 PM - Software Distribution Service 3.0
    RP1095: 7/18/2011 1:54:03 PM - System Checkpoint
    RP1096: 7/18/2011 10:31:57 PM - Software Distribution Service 3.0
    RP1097: 7/20/2011 9:39:23 AM - Software Distribution Service 3.0
    RP1098: 7/21/2011 11:01:53 PM - Software Distribution Service 3.0
    RP1099: 7/22/2011 11:10:08 PM - System Checkpoint
    RP1100: 7/23/2011 4:10:31 AM - Software Distribution Service 3.0
    RP1101: 7/24/2011 11:48:05 AM - System Checkpoint
    RP1102: 7/25/2011 9:59:49 PM - Software Distribution Service 3.0
    RP1103: 7/26/2011 11:22:10 PM - Software Distribution Service 3.0
    RP1104: 7/28/2011 7:46:38 AM - Software Distribution Service 3.0
    RP1105: 7/29/2011 8:21:19 AM - System Checkpoint
    RP1106: 7/29/2011 9:01:46 PM - Software Distribution Service 3.0
    RP1107: 7/30/2011 10:19:54 PM - Software Distribution Service 3.0
    RP1108: 7/31/2011 10:32:24 PM - Software Distribution Service 3.0
    RP1109: 8/1/2011 11:08:48 PM - System Checkpoint
    RP1110: 8/2/2011 12:19:35 AM - Software Distribution Service 3.0
    RP1111: 8/3/2011 1:05:57 AM - Software Distribution Service 3.0
    RP1112: 8/3/2011 6:27:23 PM - Software Distribution Service 3.0
    RP1113: 8/4/2011 5:47:46 PM - Installed Windows XP -- Software Updates KB952011.
    RP1114: 8/4/2011 10:11:05 PM - Software Distribution Service 3.0
    RP1115: 8/5/2011 11:22:53 PM - System Checkpoint
    RP1116: 8/6/2011 9:55:07 AM - Software Distribution Service 3.0
    RP1117: 8/7/2011 2:09:35 PM - Software Distribution Service 3.0
    RP1118: 8/8/2011 7:31:32 PM - Software Distribution Service 3.0
    RP1119: 8/9/2011 2:35:32 AM - Software Distribution Service 3.0
    RP1120: 8/10/2011 10:29:00 AM - Software Distribution Service 3.0
    RP1121: 8/10/2011 10:42:29 PM - Software Distribution Service 3.0
    RP1122: 8/11/2011 10:00:30 PM - Software Distribution Service 3.0
    RP1123: 8/13/2011 9:30:40 AM - Software Distribution Service 3.0
    RP1124: 8/14/2011 4:32:37 PM - Software Distribution Service 3.0
    RP1125: 8/15/2011 5:06:14 PM - Removed Windows Media Player Firefox Plugin
    RP1126: 8/15/2011 5:09:47 PM - Software Distribution Service 3.0
    RP1127: 8/16/2011 11:03:28 PM - Software Distribution Service 3.0
    RP1128: 8/18/2011 8:32:58 AM - Software Distribution Service 3.0
    RP1129: 8/19/2011 10:06:23 AM - Software Distribution Service 3.0
    RP1130: 8/20/2011 12:46:17 PM - System Checkpoint
    RP1131: 8/20/2011 7:21:14 PM - Software Distribution Service 3.0
    RP1132: 8/21/2011 10:18:53 PM - Software Distribution Service 3.0
    RP1133: 8/23/2011 12:25:50 AM - Software Distribution Service 3.0
    RP1134: 8/24/2011 1:15:39 AM - System Checkpoint
    RP1135: 8/24/2011 10:35:27 AM - Software Distribution Service 3.0
    RP1136: 8/24/2011 7:53:11 PM - Software Distribution Service 3.0
    RP1137: 8/25/2011 11:07:53 PM - Software Distribution Service 3.0
    RP1138: 8/27/2011 6:48:56 AM - Software Distribution Service 3.0
    RP1139: 8/28/2011 10:13:19 AM - Software Distribution Service 3.0
    RP1140: 8/29/2011 3:42:20 PM - Software Distribution Service 3.0
    RP1141: 8/30/2011 11:48:18 PM - Software Distribution Service 3.0
    RP1142: 9/1/2011 11:09:20 AM - Software Distribution Service 3.0
    RP1143: 9/2/2011 12:11:31 PM - System Checkpoint
    RP1144: 9/3/2011 4:49:42 AM - Software Distribution Service 3.0
    RP1145: 9/4/2011 9:42:18 AM - Software Distribution Service 3.0
    RP1146: 9/5/2011 1:53:02 PM - Software Distribution Service 3.0
    RP1147: 9/7/2011 8:03:09 AM - Software Distribution Service 3.0
    RP1148: 9/8/2011 8:02:23 AM - Software Distribution Service 3.0
    RP1149: 9/8/2011 8:12:29 AM - Software Distribution Service 3.0
    RP1150: 9/9/2011 9:22:07 AM - System Checkpoint
    RP1151: 9/9/2011 5:49:14 PM - Software Distribution Service 3.0
    RP1152: 9/11/2011 7:35:51 AM - Software Distribution Service 3.0
    RP1153: 9/12/2011 8:18:18 AM - Software Distribution Service 3.0
    RP1154: 9/13/2011 8:32:16 AM - System Checkpoint
    RP1155: 9/13/2011 10:19:14 PM - Software Distribution Service 3.0
    RP1156: 9/15/2011 12:02:34 AM - Software Distribution Service 3.0
    RP1157: 9/15/2011 7:38:00 AM - Software Distribution Service 3.0
    RP1158: 9/16/2011 8:54:42 AM - Software Distribution Service 3.0
    RP1159: 9/17/2011 10:23:33 AM - Software Distribution Service 3.0
    RP1160: 9/18/2011 8:11:12 PM - before_cleanup
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Common File Installer
    Adobe Reader 9.4.5
    Agere Systems HDA Modem
    Amazon MP3 Downloader 1.0.12
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Avira AntiVir Personal - Free Antivirus
    BlackBerry Desktop Software 5.0.1
    BlackBerry Desktop Software 6.1
    BlackBerry Device Software v4.5.0 for the BlackBerry 8330 smartphone
    Bonjour
    BookSmart® 3.1.0 3.1.0
    Borders Desktop
    Broadcom 802.11 Network Adapter
    Compatibility Pack for the 2007 Office system
    Conduit Engine
    Dropbox
     
  8. drwizgeek

    drwizgeek TS Rookie Topic Starter Posts: 86

    Fingerprint Sensor Minimum Install
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    Hotkey Features Setup
    Integrated Camera
    InterVideo WinDVD
    InterVideo WinDVD Creator 3
    iPod for Windows 2006-03-23
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Java Auto Updater
    Java(TM) 6 Update 25
    Java(TM) 6 Update 7
    Lenovo Bluetooth with Enhanced Data Rate Software
    Lenovo Care
    Lenovo PM Driver
    Livescribe Connect
    Livescribe Desktop
    Macromedia Dreamweaver 8
    Macromedia Extension Manager
    Macromedia Flash 8
    Macromedia Flash 8 Video Encoder
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Marketing Plan Pro 11.0 Powered by Duct Tape Marketing
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Money Plus
    Microsoft Money Shared Libraries
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Office XP Media Content
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MindMaster
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    Network Recording Player
    NTI Backup Now EZ
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    On Screen Display
    OpenOffice.org Installer 1.0
    PC-Doctor 5 for Windows
    PC Confidential 2008
    Picasa 3
    PM Driver
    Presentation Director
    Quicken 2010
    Quicken Legal Business Pro 2011
    Quicken WillMaker Plus 2010
    Quicken WillMaker Plus 2011
    QuickTime
    RealNetworks - Microsoft Visual C++ 2005 Runtime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    REALTEK GbE & FE Ethernet PCI NIC Driver
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Rescue and Recovery
    Rhapsody Player Engine
    RocketReader Version 8.00
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
     
  9. drwizgeek

    drwizgeek TS Rookie Topic Starter Posts: 86

    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Sonic Update Manager
    SpeedItup Free 5.20
    Synaptics Pointing Device Driver
    TheFreeDictionarycom Toolbar
    ThinkPad PC Card Power Policy
    ThinkVantage Access Connections
    ThinkVantage Technologies Welcome Message
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB982632)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Manager
    VZAccess Manager for RIM
    Wallpapers
    WebFldrs XP
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Toolbar
    Windows Media Connect
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    XP Themes
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/19/2011 12:38:34 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    9/19/2011 12:16:47 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    9/19/2011 12:08:06 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.111.2476.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7604.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    9/19/2011 11:56:41 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.111.2476.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7604.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    9/19/2011 11:45:53 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ANC avgio avipbb Fips IBMTPCHK intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip TPHKDRV TSMAPIP
    9/19/2011 11:36:06 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.111.2476.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7604.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    9/19/2011 10:53:10 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.111.2476.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7604.0 Error code: 0x80072f76 Error description: The requested header was not found
    9/18/2011 9:57:32 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.111.2476.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7604.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    9/18/2011 9:48:38 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    9/18/2011 9:48:15 PM, error: Service Control Manager [7000] - The Print Spooler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/18/2011 9:48:14 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Print Spooler service to connect.
    9/18/2011 9:44:41 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.111.2476.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7604.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    9/18/2011 7:58:37 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.111.2476.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7604.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    9/18/2011 7:12:21 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.111.2476.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7604.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    9/18/2011 7:12:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    9/18/2011 7:03:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    9/18/2011 7:02:09 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/18/2011 7:01:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ANC Fips IBMTPCHK intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip TPHKDRV TSMAPIP
    9/18/2011 7:01:33 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    9/18/2011 7:01:33 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/18/2011 7:01:33 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/18/2011 7:01:33 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    9/18/2011 7:01:33 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/18/2011 7:01:33 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/18/2011 6:45:06 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.111.2476.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7604.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    9/18/2011 11:30:00 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.111.2476.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7604.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    9/18/2011 10:24:17 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.111.2476.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7604.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    9/18/2011 10:10:23 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
    9/18/2011 1:29:00 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.111.2476.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7604.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    9/17/2011 1:09:27 AM, error: Application Popup [877] - There was error [DATABASE OPEN FAILED] processing the driver database.
    9/15/2011 12:05:32 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.111.2156.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7604.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    9/15/2011 12:05:32 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.111.2156.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7604.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    9/15/2011 12:05:32 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.111.2156.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7604.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    9/13/2011 10:07:43 PM, error: Service Control Manager [7000] - The smi2 service failed to start due to the following error: The system cannot find the path specified.
    .
    ==== End Of File ===========================
     
  10. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    You're running two AV programs, Avira and MSE.
    One of them has to go.
    Your choice.

    Then....

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:
    [​IMG]

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:
    [​IMG]

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. drwizgeek

    drwizgeek TS Rookie Topic Starter Posts: 86

    aswmbr and combofix logs

    Hello Broni:

    Thank you very much for your prompt response. I noticed the duplicate MSE in the logs and uninstalled it right after my original posts. Thanks for the reminder.

    Here are the aswmbr and combofix logs. I had to rerun aswmbr again because the first run locked up. I am posting both logs. I may have to put them in a couple of posts because they may be too long. Thanks!

    Best regards,
    Wiz:wave:
    __________aswmbr log________________

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-09-20 11:02:36
    -----------------------------
    11:02:36.875 OS Version: Windows 5.1.2600 Service Pack 3
    11:02:36.875 Number of processors: 2 586 0xE0C
    11:02:36.875 ComputerName: LENOVO-ccccc UserName: iiii ccccc
    11:02:47.109 Initialize success
    11:07:32.750 AVAST engine defs: 11092000
    11:08:34.734 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    11:08:34.734 Disk 0 Vendor: WDC_WD2500BEVT-00A0RT0 01.01A01 Size: 238475MB BusType: 3
    11:08:34.750 Disk 0 MBR read successfully
    11:08:34.765 Disk 0 MBR scan
    11:08:34.843 Disk 0 unknown MBR code
    11:08:34.859 Disk 0 scanning sectors +488392065
    11:08:35.000 Disk 0 scanning C:\WINDOWS\system32\drivers
    11:09:32.781 Service scanning
    11:09:38.890 Modules scanning
    11:10:03.921 Disk 0 trace - called modules:
    11:10:03.937 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
    11:10:03.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a9e9ab8]
    11:10:03.953 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000088[0x8aa17178]
    11:10:03.968 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a9ebd98]
    11:10:11.468 AVAST engine scan C:\WINDOWS
    11:11:22.718 AVAST engine scan C:\WINDOWS\system32
    11:11:26.625 Disk 0 MBR has been saved successfully to "C:\troubleshooter\cleanup_sept_11\cleanup_logs\MBR.dat"
    11:11:26.750 The log file has been saved successfully to "C:\troubleshooter\cleanup_sept_11\cleanup_logs\aswMBR.txt"

    __________aswmbr log 2________________


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-09-20 11:25:20
    -----------------------------
    11:25:20.640 OS Version: Windows 5.1.2600 Service Pack 3
    11:25:20.640 Number of processors: 2 586 0xE0C
    11:25:20.640 ComputerName: LENOVO-ccccc UserName: iiii ccccc
    11:26:49.937 Initialize success
    11:27:15.734 AVAST engine defs: 11092000
    11:27:27.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    11:27:27.703 Disk 0 Vendor: WDC_WD2500BEVT-00A0RT0 01.01A01 Size: 238475MB BusType: 3
    11:27:27.734 Disk 0 MBR read successfully
    11:27:27.734 Disk 0 MBR scan
    11:27:27.859 Disk 0 unknown MBR code
    11:27:27.890 Disk 0 scanning sectors +488392065
    11:27:28.062 Disk 0 scanning C:\WINDOWS\system32\drivers
    11:28:58.390 Service scanning
    11:29:04.437 Modules scanning
    11:29:35.265 Disk 0 trace - called modules:
    11:29:35.296 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
    11:29:35.296 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a9e9ab8]
    11:29:35.296 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000088[0x8aa17178]
    11:29:35.312 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a9ebd98]
    11:29:42.781 AVAST engine scan C:\WINDOWS
    11:30:41.734 AVAST engine scan C:\WINDOWS\system32
    11:39:37.687 AVAST engine scan C:\WINDOWS\system32\drivers
    11:41:00.375 AVAST engine scan C:\Documents and Settings\iiii ccccc
    12:13:07.718 AVAST engine scan C:\Documents and Settings\All Users
    12:22:11.796 Scan finished successfully
    12:25:24.562 Disk 0 MBR has been saved successfully to "C:\troubleshooter\cleanup_sept_11\cleanup_logs\MBR.dat"
    12:25:24.562 The log file has been saved successfully to "C:\troubleshooter\cleanup_sept_11\cleanup_logs\aswMBR_2nd_scan.txt"

    ____________combofix log_____________________
    ComboFix 11-09-20.04 - iiii ccccc 09/20/2011 12:52:16.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1397 [GMT -7:00]
    Running from: c:\troubleshooter\cleanup_sept_11\security_software\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
    c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\installUtil.exe.89c0d2f9.ini
    c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
    c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL146.tmp.61ed49dc.ini
    c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\TvsuCommandLauncher.exe.a2a8a026.ini
    c:\documents and settings\iiii ccccc\Local Settings\Application Data\ApplicationHistory
    c:\documents and settings\iiii ccccc\Local Settings\Application Data\ApplicationHistory\installUtil.exe.89c0d2f9.ini
    c:\documents and settings\iiii ccccc\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
    c:\documents and settings\iiii ccccc\Local Settings\Application Data\ApplicationHistory\SL146.tmp.61ed49dc.ini
    c:\documents and settings\iiii ccccc\Local Settings\Application Data\ApplicationHistory\TvsuCommandLauncher.exe.a2a8a026.ini
    c:\documents and settings\iiii ccccc\Recent\Thumbs.db
    c:\documents and settings\iiii ccccc\Start Menu\Internet Explorer.lnk
    C:\install.exe
    C:\Thumbs.db
    c:\windows\system32\d3d9caps.dat
    c:\windows\WindowsXP-KB822603-x86.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-20 to 2011-09-20 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-20 17:13 . 2011-09-20 17:13 -------- d--h--w- c:\windows\system32\GroupPolicy
    2011-09-20 03:02 . 2011-09-20 20:11 17408 ----a-w- c:\windows\system32\rpcnetp.dll
    2011-09-20 02:58 . 2011-09-20 20:08 17408 ----a-w- c:\windows\system32\rpcnetp.exe
    2011-09-19 17:56 . 2011-09-19 17:56 -------- d-----w- c:\documents and settings\iiii ccccc\Application Data\Malwarebytes
    2011-09-19 04:54 . 2011-09-19 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-09-19 04:54 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-19 04:54 . 2011-09-19 04:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-19 03:22 . 2011-09-19 03:22 -------- d-----w- c:\documents and settings\iiii ccccc\Application Data\Avira
    2011-09-19 03:18 . 2011-07-21 19:15 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-09-19 03:18 . 2011-07-21 19:15 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-09-19 03:18 . 2010-06-17 22:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2011-09-19 03:18 . 2010-06-17 22:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2011-09-19 03:18 . 2011-09-19 03:18 -------- d-----w- c:\program files\Avira
    2011-09-19 03:18 . 2011-09-19 03:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2011-09-19 02:09 . 2011-09-19 02:10 -------- d-----w- C:\troubleshooter
    2011-09-13 14:42 . 2011-09-13 14:42 -------- d-----w- c:\documents and settings\iiii ccccc\Application Data\com.livescribe.LivescribeConnect
    2011-09-13 14:42 . 2011-09-13 14:42 -------- d-----w- c:\program files\Common Files\Livescribe
    2011-09-13 14:41 . 2011-09-13 14:41 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2011-09-03 10:17 . 2011-09-09 09:12 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-20 00:00 . 2008-02-16 08:36 44544 ----a-w- c:\windows\system32\agremove.exe
    2011-09-18 07:00 . 2007-11-10 04:04 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
    2011-09-09 09:12 . 2006-04-30 06:55 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-07-15 13:29 . 2006-04-30 06:55 456320 ------w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02 . 2006-04-30 06:55 10496 ------w- c:\windows\system32\drivers\ndistapi.sys
    2011-06-24 14:10 . 2006-04-30 06:55 139656 ------w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-23 18:36 . 2006-04-30 06:56 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-06-23 18:36 . 2006-04-30 06:55 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-23 18:36 . 2006-04-30 06:55 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-06-23 12:05 . 2006-04-30 06:55 385024 ----a-w- c:\windows\system32\html.iec
    2008-03-23 02:20 . 2008-03-23 02:20 35481456 ------w- c:\program files\Money_Plus_Deluxe_Win32_English_Online-US_Only_DwnLd.exe
    2008-03-23 00:54 . 2008-03-23 00:52 15452536 ------w- c:\program files\IE7-WindowsXP-x86-enu.exe
    2008-02-29 14:57 . 2008-02-10 18:03 23344432 ------w- c:\program files\QuickTimeInstaller.exe
    2008-11-16 16:51 . 2008-11-15 05:08 27976 ------w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
    2008-11-16 16:51 . 2008-11-15 05:08 126360 ------w- c:\program files\mozilla firefox\plugins\atgpcext.dll
    2008-11-15 05:08 . 2008-11-15 05:08 98712 ------w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{d1e06b91-60e6-4492-af9f-53043fa32716}"= "c:\program files\TheFreeDictionarycom\prxtbThe2.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{d1e06b91-60e6-4492-af9f-53043fa32716}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d1e06b91-60e6-4492-af9f-53043fa32716}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\TheFreeDictionarycom\prxtbThe2.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{d1e06b91-60e6-4492-af9f-53043fa32716}"= "c:\program files\TheFreeDictionarycom\prxtbThe2.dll" [2011-01-17 175912]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{d1e06b91-60e6-4492-af9f-53043fa32716}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D1E06B91-60E6-4492-AF9F-53043FA32716}"= "c:\program files\TheFreeDictionarycom\prxtbThe2.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{d1e06b91-60e6-4492-af9f-53043fa32716}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\iiii ccccc\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\iiii ccccc\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\iiii ccccc\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\iiii ccccc\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-26 68856]
    "ISUSPM"="c:\program files\Common Files\Installshield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 774233]
    "PMHandler"="c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe" [2006-08-22 33128]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-02 7557120]
    "BackupNowEZtray"="c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe" [2009-09-19 562944]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-04-27 273544]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
    "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    iTunes.lnk - c:\windows\Installer\{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}\iTunesIco.exe [N/A]
    .
    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    iTunes (2).lnk - c:\windows\Installer\{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}\iTunesIco.exe [N/A]
    .
    c:\documents and settings\iiii ccccc\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\iiii ccccc\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
    iTunes (2).lnk - c:\windows\Installer\{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}\iTunesIco.exe [N/A]
    iTunes.lnk - c:\program files\iTunes\iTunes.exe [2011-3-7 9776936]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    iTunes.lnk - c:\program files\iTunes\iTunes.exe [2011-3-7 9776936]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2006-01-11 06:05 13824 ------w- c:\windows\system32\tphklock.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^iiii ccccc^Start Menu^Programs^Startup^Realhound IP Tune and Lube.LNK]
    path=c:\documents and settings\iiii ccccc\Start Menu\Programs\Startup\Realhound IP Tune and Lube.LNK
    backup=c:\windows\pss\Realhound IP Tune and Lube.LNKStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\???6]
    c:\program files\¿á6Íø\¼«ËÙ¿á6\Ku6SpeedUpper.exe [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray]
    2006-10-06 03:57 409600 -c----w- c:\program files\ThinkPad\ConnectUtilities\ACTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon]
    2006-10-06 03:53 110592 -c----w- c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    2006-08-30 07:40 89542 ------w- c:\windows\AGRSMMSG.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2005-05-03 09:43 69632 ------w- c:\windows\Alcmtr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
    2007-08-23 05:48 53248 ------w- c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
    2009-11-20 05:29 623960 ----a-w- c:\program files\Common Files\Research in Motion\Auto Update\RIMAutoUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
    2006-10-12 07:28 1282048 ------w- c:\windows\system32\WLTRAY.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
    2006-07-15 02:13 2341632 -c----w- c:\program files\Lenovo\Client Security Solution\cssauth.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2011-06-05 00:08 136176 ----atw- c:\documents and settings\iiii ccccc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    2007-08-30 17:50 205480 ----a-w- c:\program files\Common Files\Installshield\UpdateService\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2007-08-30 17:50 205480 ----a-w- c:\program files\Common Files\Installshield\UpdateService\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2007-08-29 00:43 73728 ----a-w- c:\program files\Common Files\Installshield\UpdateService\issch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-03-07 23:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
    2006-07-03 16:11 110592 -c----w- c:\progra~1\Lenovo\LENOVO~2\LPMGR.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyInsights]
    2008-02-19 16:19 502800 ------w- c:\program files\Microsoft Money Plus\MNYCoreFiles\mnyinsit.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2006-03-02 12:41 7557120 ------w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2006-03-02 12:41 1519616 ------w- c:\windows\system32\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    2006-03-15 23:07 421888 ------w- c:\program files\Picasa2\PicasaMediaDetector.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2007-08-10 06:21 16384000 ------w- c:\windows\RTHDCPL.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
    2006-04-21 22:32 675840 ------w- c:\windows\vsnp2std.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-01-07 20:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2008-08-26 13:41 68856 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
    2006-05-08 01:34 94208 ------w- c:\program files\Lenovo\HOTKEY\TPHKMGR.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPWAUDAP]
    2006-04-19 22:29 24576 ------w- c:\program files\Lenovo\HOTKEY\TpWAudAp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
    2006-07-15 02:05 503808 -c----w- c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2006-10-19 04:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Documents and Settings\\iiii ccccc\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    .
    R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [5/24/2006 12:48 PM 10240]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/18/2011 8:18 PM 136360]
    R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [9/19/2009 7:04 AM 45312]
    R2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files\Common Files\Livescribe\PenComm\PenCommService.exe [8/11/2011 3:03 PM 470528]
    RUnknown rpcnetp;rpcnetp; [x]
    S1 MpKsl4455b4c5;MpKsl4455b4c5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{89BDB2B4-AA68-4A1F-BA95-8A8340D0A0DB}\MpKsl4455b4c5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{89BDB2B4-AA68-4A1F-BA95-8A8340D0A0DB}\MpKsl4455b4c5.sys [?]
    S1 MpKslb523da44;MpKslb523da44;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C64F5AB7-6F66-41EF-ABE6-9BAD6298F43D}\MpKslb523da44.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C64F5AB7-6F66-41EF-ABE6-9BAD6298F43D}\MpKslb523da44.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/10/2010 7:37 PM 135664]
    S2 smi2;smi2;\??\c:\program files\SMI2\smi2.sys --> c:\program files\SMI2\smi2.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/10/2010 7:37 PM 135664]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\drivers\PulseUsb.sys [2/8/2011 11:35 PM 20480]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-16 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
    .
    2011-08-16 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 23:54]
    .
    2011-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 02:37]
    .
    2011-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 02:37]
    .
    2011-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2942788721-270316561-3154462386-1005Core.job
    - c:\documents and settings\iiii ccccc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-30 00:08]
    .
    2011-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2942788721-270316561-3154462386-1005UA.job
    - c:\documents and settings\iiii ccccc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-30 00:08]
    .
    2011-08-16 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 22:07]
    .
    2011-09-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2942788721-270316561-3154462386-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]
    .
    2011-09-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2942788721-270316561-3154462386-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.babylon.com/home?AF=14542
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: Send to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
    Notify-ACNotify - ACNotify.dll
    MSConfigStartUp-AMSG - c:\program files\ThinkVantage\AMSG\Amsg.exe
    MSConfigStartUp-Corel Photo Downloader - c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    MSConfigStartUp-DiskeeperSystray - c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe
    MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
    AddRemove-PCConfidential_is1 - c:\program files\Winferno\PC Confidential\unins000.exe
    AddRemove-SpeedItup Free 5.20 - c:\program files\SpeedItup Free\Uninstall.exe
    AddRemove-{F46BF5EA-0B4E-4A41-8C4B-3B127346E30F} - c:\documents and settings\iiii ccccc\Local Settings\Application Data\{2853BFD5-3865-45EB-A4E3-967D4A9B969A}\NBCDirectInstaller.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-09-20 13:14
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Shared Tools\MSConfig\startupreg\gw‘6*]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Ku6SpeedUpper"
    "hkey"="HKLM"
    "command"="\"c:\\Program Files\\¿á6Íø\\¼«ËÙ¿á6\\Ku6SpeedUpper.exe\" /start"
    "inimapping"="0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1240)
    c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
    c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
    c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
    c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
    c:\windows\system32\tphklock.dll
    c:\windows\System32\BCMLogon.dll
    .
    - - - - - - - > 'explorer.exe'(1656)
    c:\windows\system32\WININET.dll
    c:\documents and settings\iiii ccccc\Application Data\Dropbox\bin\DropboxExt.14.dll
    c:\progra~1\WINDOW~1\wmpband.dll
    c:\program files\NewTech Infosystems\Backup Now EZ\Pehook.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Lenovo\Bluetooth Software\bin\btwdins.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Lenovo\PM Driver\PMSveH.exe
    c:\windows\system32\PSIService.exe
    c:\windows\System32\rpcnetp.exe
    c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
    c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\program files\Common Files\Lenovo\Logger\logmon.exe
    c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Internet Explorer\IEXPLORE.EXE
    c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
    .
    **************************************************************************
    .
    Completion time: 2011-09-20 13:27:30 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-09-20 20:27
    .
    Pre-Run: 114,442,387,456 bytes free
    Post-Run: 115,249,491,968 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 5D650E9A7D3CB0A0706A9D4103B2B727
     
  12. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Looks good.

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. drwizgeek

    drwizgeek TS Rookie Topic Starter Posts: 86

    OTL and Extras logs (part 1)

    Hello Broni:

    Thank you very much for your response. I had to go to a family function last night and could not run OTL till now. But, I have a few hours today to complete the cleanup today.

    The laptop is doing much better, thanks to your great service! But, it still takes around 5 minutes to boot even with 2GB of RAM. We need to remove some applications from the startup, e. g. iTunes, after the cleanup. Here are the OTL and Extras logs. I may have to put them in a couple of posts because they may be too long. Thanks, again!

    Best regards,
    Wiz:wave:
    __________OTL log________________

    OTL logfile created on: 9/21/2011 11:01:14 AM - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\troubleshooter\cleanup_sept_11\security_software
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 73.44% Memory free
    3.35 Gb Paging File | 2.90 Gb Available in Paging File | 86.47% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 222.15 Gb Total Space | 107.23 Gb Free Space | 48.27% Space Free | Partition Type: NTFS

    Computer Name: LENOVO-ccccc | User Name: iiii ccccc | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/09/21 10:58:30 | 001,318,456 | ---- | M] (Google Inc.) -- C:\Documents and Settings\iiii ccccc\Local Settings\temp\CR_371F1.tmp\setup.exe
    PRC - [2011/09/20 11:45:00 | 000,523,320 | ---- | M] (Google Inc.) -- C:\Documents and Settings\iiii ccccc\Local Settings\Application Data\Google\Update\Install\{F52DAA39-FB61-4C98-8D40-D03E00641FEB}\chrome_updater.exe
    PRC - [2011/09/18 09:55:38 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\troubleshooter\cleanup_sept_11\security_software\OTL.exe
    PRC - [2011/08/11 15:03:31 | 000,470,528 | ---- | M] (Livescribe) -- C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe
    PRC - [2011/07/21 12:12:16 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/05/25 13:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\iiii ccccc\Application Data\Dropbox\bin\Dropbox.exe
    PRC - [2011/04/27 10:45:36 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
    PRC - [2011/04/21 07:54:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2011/04/21 07:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe
    PRC - [2009/09/19 07:04:52 | 000,562,944 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe
    PRC - [2009/09/19 07:04:50 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
    PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
    PRC - [2006/10/05 20:54:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    PRC - [2006/10/05 20:41:08 | 000,167,936 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    PRC - [2006/10/05 20:40:32 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    PRC - [2006/08/22 00:54:08 | 000,033,128 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\PM Driver\PMHandler.exe
    PRC - [2006/07/14 18:36:00 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
    PRC - [2006/07/14 18:24:52 | 000,629,504 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    PRC - [2006/05/24 14:33:32 | 000,057,344 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe
    PRC - [2006/01/17 11:37:24 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/08/11 15:03:31 | 000,276,992 | ---- | M] () -- C:\Program Files\Common Files\Livescribe\PenComm\PenCommSdk.dll
    MOD - [2011/07/21 15:12:31 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
    MOD - [2009/09/04 23:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2008/09/30 09:37:44 | 000,460,199 | ---- | M] () -- C:\Program Files\NewTech Infosystems\Backup Now EZ\sqlite3.dll
    MOD - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
    MOD - [2006/10/05 20:54:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    MOD - [2006/10/05 20:53:48 | 000,057,344 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcBroadcom.dll
    MOD - [2006/10/05 20:42:28 | 000,114,688 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcLocMigrator.dll
    MOD - [2006/10/05 20:42:22 | 000,929,792 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACGUIHlpr.dll
    MOD - [2006/10/05 20:40:32 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    MOD - [2006/10/05 20:40:28 | 000,434,176 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvcHlpr.dll
    MOD - [2006/10/05 20:39:58 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ThinQCon.dll
    MOD - [2006/10/05 20:39:54 | 000,114,688 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll
    MOD - [2006/10/05 20:39:46 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
    MOD - [2006/10/05 20:39:22 | 000,561,152 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACon.dll
    MOD - [2006/10/05 20:38:12 | 000,007,680 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
    MOD - [2006/10/05 20:38:10 | 000,147,456 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
    MOD - [2006/10/05 20:38:06 | 000,491,520 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
    MOD - [2006/10/05 20:37:58 | 000,163,840 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll
    MOD - [2006/10/05 20:37:40 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll
    MOD - [2006/07/14 18:36:00 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
    MOD - [2006/07/14 18:35:28 | 000,139,264 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll
    MOD - [2006/07/14 18:24:52 | 000,629,504 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    MOD - [2006/05/24 14:33:34 | 000,032,768 | ---- | M] () -- C:\Program Files\Lenovo\PM Driver\PMEbLib.dll
    MOD - [2006/05/24 14:33:32 | 000,024,576 | ---- | M] () -- C:\Program Files\Lenovo\PM Driver\PMHlerIO.dll
    MOD - [2006/01/10 23:05:38 | 000,013,824 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (PsaSrv)
    SRV - [2011/08/11 15:03:31 | 000,470,528 | ---- | M] (Livescribe) [Auto | Running] -- C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe -- (PenCommService)
    SRV - [2011/07/21 12:12:16 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2009/09/19 07:04:50 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr)
    SRV - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
    SRV - [2006/10/05 20:41:08 | 000,167,936 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
    SRV - [2006/10/05 20:40:32 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
    SRV - [2006/07/14 18:24:52 | 000,629,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
    SRV - [2006/05/24 14:33:32 | 000,057,344 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe -- (PMSveH)
    SRV - [2006/01/17 11:37:24 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/07/21 12:15:21 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2011/07/21 12:15:19 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/12/29 16:50:18 | 000,020,480 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PulseUsb.sys -- (PulseUsb)
    DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2007/08/09 21:52:44 | 004,603,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/10/12 00:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2006/09/08 18:01:20 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2006/08/29 22:53:00 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/07/17 10:54:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
    DRV - [2006/07/14 16:39:18 | 000,121,216 | R--- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500)
    DRV - [2006/06/20 11:00:34 | 010,324,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
    DRV - [2006/05/24 12:48:14 | 000,010,240 | ---- | M] (Lenovo ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PMHler.sys -- (PMHler)
    DRV - [2006/02/26 13:46:00 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2006/01/17 11:18:22 | 000,850,474 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2006/01/17 11:14:52 | 000,065,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2006/01/13 01:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
    DRV - [2005/11/16 21:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2005/11/08 10:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
    DRV - [2005/11/01 19:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/3000notebook [binary data]
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/3000notebook [binary data]
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-2942788721-270316561-3154462386-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home?AF=14542
    IE - HKU\S-1-5-21-2942788721-270316561-3154462386-1005\..\URLSearchHook: {d1e06b91-60e6-4492-af9f-53043fa32716} - C:\Program Files\TheFreeDictionarycom\prxtbThe2.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-2942788721-270316561-3154462386-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2942788721-270316561-3154462386-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nbc.com/DirectPlayer: C:\Program Files\NBC Direct\npDirectPlayerMozilla.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\iiii ccccc\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\iiii ccccc\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/04/27 10:46:03 | 000,000,000 | ---D | M]

    [2010/07/22 09:49:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2008/11/16 09:51:15 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
    [2008/11/16 09:51:15 | 000,126,360 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
    [2008/11/14 22:08:28 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
    [2008/11/14 22:08:20 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\iiii ccccc\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\gcswf32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\iiii ccccc\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\iiii ccccc\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\pdf.dll
    CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Documents and Settings\iiii ccccc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll
    CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Documents and Settings\iiii ccccc\Local Settings\Application Data\Google\Chrome\Application\plugins\npatgpc.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\iiii ccccc\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
    CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Babylon Chrome OCR = C:\Documents and Settings\iiii ccccc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\iiii ccccc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
    CHR - Extension: Todo.ly = C:\Documents and Settings\iiii ccccc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\obhefmbclkekanpjjpkbciloojcmpkap\2_0\

    O1 HOSTS File: ([2011/09/20 13:13:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (PCCBHO.CPCCBHO) - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll File not found
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O2 - BHO: (TheFreeDictionarycom Toolbar) - {d1e06b91-60e6-4492-af9f-53043fa32716} - C:\Program Files\TheFreeDictionarycom\prxtbThe2.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (TheFreeDictionarycom Toolbar) - {d1e06b91-60e6-4492-af9f-53043fa32716} - C:\Program Files\TheFreeDictionarycom\prxtbThe2.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-2942788721-270316561-3154462386-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-2942788721-270316561-3154462386-1005\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O3 - HKU\S-1-5-21-2942788721-270316561-3154462386-1005\..\Toolbar\WebBrowser: (TheFreeDictionarycom Toolbar) - {D1E06B91-60E6-4492-AF9F-53043FA32716} - C:\Program Files\TheFreeDictionarycom\prxtbThe2.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [BackupNowEZtray] C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe (NewTech Infosystems, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [PMHandler] C:\Program Files\Lenovo\PM Driver\PMHandler.exe (Lenovo)
    O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
    O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\iTunes (2).lnk = File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\iTunes.lnk = File not found
    O4 - Startup: C:\Documents and Settings\iiii ccccc\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\iiii ccccc\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Documents and Settings\iiii ccccc\Start Menu\Programs\Startup\iTunes (2).lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2942788721-270316561-3154462386-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2942788721-270316561-3154462386-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-2942788721-270316561-3154462386-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-2942788721-270316561-3154462386-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
    O9 - Extra 'Tools' menuitem : PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe File not found
    O9 - Extra Button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79329D27-B098-40C1-A872-53EAABB622E3}: DhcpNameServer = 10.0.0.1
    O18 - Protocol\Handler\x-mem3 {4F6D06DD-44AB-4F89-BF13-9027B505B15A} - C:\Program Files\REALHOUND IP Client\eztoolslib2.dll File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll ()
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/04/30 00:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/09/20 12:47:50 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/09/20 12:44:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/09/20 12:44:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/09/20 12:44:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/09/20 12:44:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/09/20 12:42:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/09/20 12:42:38 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/09/20 10:13:44 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
    [2011/09/19 10:56:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\iiii ccccc\Application Data\Malwarebytes
    [2011/09/18 21:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/09/18 21:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/09/18 21:54:19 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/09/18 21:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/09/18 20:22:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\iiii ccccc\Application Data\Avira
    [2011/09/18 20:18:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
    [2011/09/18 20:18:29 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2011/09/18 20:18:26 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2011/09/18 20:18:26 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2011/09/18 20:18:26 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2011/09/18 20:18:26 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2011/09/18 20:18:24 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2011/09/18 20:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2011/09/18 19:09:43 | 000,000,000 | ---D | C] -- C:\troubleshooter
    [2011/09/13 07:42:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\iiii ccccc\Application Data\com.livescribe.LivescribeConnect
    [2011/09/13 07:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Livescribe
    [2011/09/13 07:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
    [2008/03/22 19:20:39 | 035,481,456 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Money_Plus_Deluxe_Win32_English_Online-US_Only_DwnLd.exe
    [2008/03/22 17:52:48 | 015,452,536 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-x86-enu.exe
    [2008/02/10 11:03:52 | 023,344,432 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
    [2007/11/09 20:37:45 | 000,122,880 | ---- | C] ( ) -- C:\WINDOWS\rsnp2std.dll
    [2007/11/09 20:37:45 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
    [8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/09/21 11:03:50 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2942788721-270316561-3154462386-1005UA.job
    [2011/09/21 11:01:49 | 000,002,330 | ---- | M] () -- C:\Documents and Settings\iiii ccccc\Desktop\Google Chrome.lnk
    [2011/09/21 11:01:49 | 000,002,308 | ---- | M] () -- C:\Documents and Settings\iiii ccccc\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/09/21 10:40:35 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/09/21 10:37:49 | 000,011,707 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2011/09/21 10:37:17 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2942788721-270316561-3154462386-1005.job
    [2011/09/21 10:35:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/09/21 10:35:19 | 2145,898,496 | -HS- | M] () -- C:\hiberfil.sys
    [2011/09/21 10:30:15 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
    [2011/09/20 13:27:46 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\agremove.exe
    [2011/09/20 13:13:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/09/20 12:48:05 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/09/20 10:14:51 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2011/09/19 17:23:06 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2942788721-270316561-3154462386-1005.job
    [2011/09/19 16:47:31 | 000,442,572 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/09/19 16:47:31 | 000,071,522 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/09/18 21:54:26 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/09/18 20:18:47 | 000,001,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2011/09/16 08:58:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2942788721-270316561-3154462386-1005Core.job
    [2011/09/15 00:03:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/09/13 22:07:58 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/09/13 22:07:56 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/09/13 07:42:20 | 000,001,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Livescribe Desktop.lnk
    [2011/09/11 14:07:02 | 000,096,768 | ---- | M] () -- C:\Documents and Settings\iiii ccccc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/08/29 23:53:31 | 001,557,615 | ---- | M] () -- C:\Documents and Settings\iiii ccccc\My Documents\Top 10 Myths About ADHD - Parenting on Shine.pdf
    [8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/09/21 10:30:15 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.exe
    [2011/09/20 12:48:05 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/09/20 12:47:58 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/09/20 12:44:13 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/09/20 12:44:13 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/09/20 12:44:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/09/20 12:44:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/09/20 12:44:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/09/19 11:57:47 | 2145,898,496 | -HS- | C] () -- C:\hiberfil.sys
    [2011/09/18 21:54:26 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/09/18 20:18:47 | 000,001,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2011/09/13 07:42:20 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Livescribe Desktop.lnk
    [2011/08/29 23:53:31 | 001,557,615 | ---- | C] () -- C:\Documents and Settings\iiii ccccc\My Documents\Top 10 Myths About ADHD - Parenting on Shine.pdf
    [2011/03/10 14:26:25 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010/08/13 16:19:31 | 001,346,048 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/05/21 12:07:23 | 000,096,768 | ---- | C] () -- C:\Documents and Settings\iiii ccccc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/03/21 09:55:41 | 000,000,019 | ---- | C] () -- C:\WINDOWS\rrver.ini
    [2010/01/22 10:37:47 | 000,060,240 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2009/12/13 22:52:08 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2009/09/14 02:15:30 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2008/03/25 21:51:47 | 000,002,389 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2008/01/08 17:59:26 | 000,001,158 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2008/01/02 21:32:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2007/12/24 07:32:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/12/07 10:43:49 | 000,008,456 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2007/12/07 10:43:49 | 000,000,248 | RHS- | C] () -- C:\WINDOWS\System32\BED877E268.sys
    [2007/12/07 09:14:40 | 000,000,271 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tvt_userinfo.ini
    [2007/11/09 21:15:28 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2007/11/09 21:04:36 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
    [2007/11/09 21:03:59 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
    [2007/11/09 21:02:41 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe
    [2007/11/09 20:49:46 | 000,000,040 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2007/11/09 20:48:01 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2007/11/09 20:48:01 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2007/11/09 20:48:01 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2007/11/09 20:48:01 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2007/11/09 20:48:01 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2007/11/09 20:48:01 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2007/11/09 20:39:35 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
    [2007/11/09 20:39:34 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
    [2007/11/09 20:39:34 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
    [2007/11/09 20:39:19 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2007/11/09 20:39:03 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ2.dat
    [2007/11/09 20:39:03 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ1.dat
    [2007/11/09 20:39:03 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
    [2007/11/09 20:37:46 | 000,126,976 | ---- | C] () -- C:\WINDOWS\tsnp2std.exe
    [2007/11/09 20:37:46 | 000,024,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys
    [2007/11/09 20:37:46 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
    [2007/11/09 20:37:45 | 010,324,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
    [2007/11/09 20:30:22 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config
    [2007/11/09 20:21:03 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2007/11/09 20:21:02 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2007/11/09 20:21:02 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2007/11/09 20:21:02 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
    [2007/11/09 20:21:02 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2007/11/09 20:21:02 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2007/11/09 20:21:02 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2007/11/09 20:21:01 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2007/11/09 20:21:01 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
    [2007/11/09 20:21:01 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2007/11/09 20:21:00 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
    [2007/10/28 00:41:43 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\c4dllo.dll
    [2007/10/28 00:41:43 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\jpeg32.dll
    [2007/10/28 00:41:43 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\std4odbc.dll
    [2007/10/28 00:41:43 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
    [2006/11/02 21:40:12 | 000,174,656 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
    [2006/10/19 23:06:59 | 000,013,824 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
    [2006/04/30 00:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2006/04/30 00:22:10 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2006/04/30 00:19:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2006/04/30 00:10:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2006/04/29 23:55:59 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2006/04/29 23:55:55 | 000,442,572 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2006/04/29 23:55:55 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2006/04/29 23:55:55 | 000,071,522 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2006/04/29 23:55:55 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2006/04/29 23:55:54 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2006/04/29 23:55:52 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2006/04/29 23:55:50 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2006/04/29 23:55:44 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2006/04/29 23:55:44 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2006/04/29 23:55:37 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2006/04/29 23:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2006/04/29 23:55:25 | 000,588,800 | ---- | C] () -- C:\WINDOWS\System32\autochk.exe
    [2006/04/29 17:04:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2006/04/29 17:03:29 | 000,270,192 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2006/01/17 11:31:30 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
     
  14. drwizgeek

    drwizgeek TS Rookie Topic Starter Posts: 86

    OTL and Extras logs (part 2)

    ========== LOP Check ==========

    [2008/09/06 14:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lenovo
    [2007/11/09 21:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ThinkVantage
    [2008/01/01 17:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
    [2010/03/21 16:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
    [2008/09/24 13:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
    [2007/11/09 21:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
    [2011/02/08 23:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Livescribe
    [2010/07/22 09:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NBC Direct
    [2010/07/11 22:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTIReg
    [2008/11/29 14:13:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLive
    [2008/11/29 14:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLiveVA
    [2010/08/13 14:34:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
    [2010/03/21 09:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RocketReader
    [2007/12/27 20:26:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaskMgr
    [2011/01/03 14:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/05/11 07:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/13 09:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/09/01 23:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2008/09/06 14:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Lenovo
    [2007/11/09 21:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\ThinkVantage
    [2011/07/04 23:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iiii ccccc\Application Data\Amazon
    [2010/08/13 16:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iiii ccccc\Application Data\Blackberry Desktop
    [2011/09/13 07:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iiii ccccc\Application Data\com.livescribe.LivescribeConnect
    [2011/09/21 10:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iiii ccccc\Application Data\Dropbox
    [2010/05/25 08:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iiii ccccc\Application Data\IDM
    [2010/05/30 21:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iiii ccccc\Application Data\InterVideo
    [2010/10/04 22:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iiii ccccc\Application Data\Leadertech
    [2008/09/06 14:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iiii ccccc\Application Data\Lenovo
    [2010/07/22 09:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iiii ccccc\Application Data\NBC Direct
    [2011/04/11 19:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iiii ccccc\Application Data\Nolo
    [2011/03/18 15:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iiii ccccc\Application Data\RegistryKeys
    [2010/08/13 14:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iiii ccccc\Application Data\Research In Motion
    [2011/02/08 23:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iiii ccccc\Application Data\Temp
    [2007/11/09 21:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iiii ccccc\Application Data\ThinkVantage
    [2011/08/15 17:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iiii ccccc\Application Data\Uniblue
    [2008/07/06 20:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iiii ccccc backup\Application Data\Amazon
    [2008/09/24 16:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iiii ccccc backup\Application Data\dtmenu1
    [2008/01/17 22:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iiii ccccc backup\Application Data\InterVideo
    [2009/03/30 09:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iiii ccccc backup\Application Data\Leadertech
    [2008/09/06 14:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iiii ccccc backup\Application Data\Lenovo
    [2008/11/29 14:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iiii ccccc backup\Application Data\PPLiveVA
    [2009/12/13 21:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iiii ccccc backup\Application Data\Quicken WillMaker
    [2009/09/14 02:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iiii ccccc backup\Application Data\Research In Motion
    [2007/11/09 21:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iiii ccccc backup\Application Data\ThinkVantage
    [2011/08/16 08:15:35 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
    [2011/08/16 08:16:07 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/04/30 00:13:35 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/05/14 15:03:37 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/09/20 12:48:05 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/09/20 13:27:31 | 000,025,813 | ---- | M] () -- C:\ComboFix.txt
    [2006/04/30 00:13:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2011/09/21 10:35:19 | 2145,898,496 | -HS- | M] () -- C:\hiberfil.sys
    [2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2006/04/30 00:13:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2006/04/30 00:13:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/01/04 23:03:13 | 000,250,048 | RHS- | M] () -- C:\NTLDR
    [2011/09/21 10:34:58 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
    [2008/06/14 15:42:24 | 1073,741,824 | ---- | M] () -- C:\pfsvoddata.bbv
    [2007/11/09 20:21:14 | 000,000,083 | ---- | M] () -- C:\syslevel.lgl
    [2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/04/30 00:12:53 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/03/22 17:54:46 | 015,452,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-x86-enu.exe
    [2008/03/22 19:20:42 | 035,481,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Money_Plus_Deluxe_Win32_English_Online-US_Only_DwnLd.exe
    [2008/02/29 07:57:32 | 023,344,432 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
    [2010/08/12 14:27:22 | 000,083,968 | ---- | M] () -- C:\Program Files\TurboTax Online 2009 License Agreement.doc


    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/04/29 17:03:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2006/04/29 17:03:02 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2006/04/29 17:03:02 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2010/12/16 14:17:13 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/05/18 09:19:47 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\iiii ccccc\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2006/04/30 00:21:31 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\iiii ccccc\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >
    [2004/12/09 18:23:46 | 000,013,022 | ---- | M] () -- C:\WINDOWS\snp2std.src
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2005/11/23 17:42:33 | 000,296,960 | ---- | M] () -- C:\Documents and Settings\iiii ccccc\My Documents\alternatiff-1_6_3.exe
    [2008/01/02 21:28:39 | 006,026,816 | ---- | M] (Mozilla) -- C:\Documents and Settings\iiii ccccc\My Documents\Firefox Setup 2.0.0.11.exe
    [2006/06/28 16:42:39 | 011,817,800 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\iiii ccccc\My Documents\GoogleEarth.exe
    [2006/10/22 22:03:46 | 017,533,000 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\iiii ccccc\My Documents\ie7setup_mail.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2007/12/07 08:53:07 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\iiii ccccc\Favorites\Desktop.ini
    [2007/12/24 07:42:43 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\iiii ccccc\Favorites\Microsoft bCentral.lnk
    [2009/11/12 00:22:47 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\iiii ccccc\Favorites\My Network Places.lnk
    [2007/02/04 20:43:03 | 000,000,433 | ---- | M] () -- C:\Documents and Settings\iiii ccccc\Favorites\My Webs.LNK

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/06/22 21:43:46 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\iiii ccccc\Cookies\desktop.ini
    [2011/09/21 11:09:14 | 000,131,072 | ---- | M] () -- C:\Documents and Settings\iiii ccccc\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 23:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 06:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/14 00:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 06:42:30 | 001,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 01:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 01:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 01:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2010/07/16 08:34:13 | 000,005,120 | -HS- | M] () -- C:\Program Files\Messenger\Thumbs.db
    [2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:723BF4A6

    < End of report >

    ________________Extras log_____________

    OTL Extras logfile created on: 9/21/2011 11:01:15 AM - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\troubleshooter\cleanup_sept_11\security_software
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 73.44% Memory free
    3.35 Gb Paging File | 2.90 Gb Available in Paging File | 86.47% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 222.15 Gb Total Space | 107.23 Gb Free Space | 48.27% Space Free | Partition Type: NTFS

    Computer Name: LENOVO-ccccc | User Name: iiii ccccc | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-2942788721-270316561-3154462386-1005\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22008
    "4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
    "4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
    "4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
    "4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Documents and Settings\iiii ccccc\Local Settings\Temporary Internet Files\Content.IE5\2BNHJ0BK\ed266[1].exe" = C:\Documents and Settings\iiii ccccc\Local Settings\Temporary Internet Files\Content.IE5\2BNHJ0BK\ed266[1].exe:*:Enabled:Application Layer Gateway Service

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Documents and Settings\iiii ccccc\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\iiii ccccc\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
    "C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime
    "{07A80BEE-09F2-4CCF-AA36-A2AF2FC52F03}" = Marketing Plan Pro 11.0 Powered by Duct Tape Marketing
    "{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
    "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
    "{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
    "{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 25
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
    "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
    "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = Lenovo Bluetooth with Enhanced Data Rate Software
    "{48AFBB60-8CF5-4605-BB04-704DD8702B80}" = VZAccess Manager for RIM
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{6149ADDB-974F-4574-84FA-B2DB19CF9D59}" = RocketReader Version 8.00
    "{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
    "{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
    "{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = Integrated Camera
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7726CF62-7B45-4E6D-9266-615346816BCA}" = Rescue and Recovery
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
    "{7F1B3341-A94E-4F5C-B587-CA0EB964221E}" = Microsoft Money Shared Libraries
    "{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3
    "{830C1687-F55F-45C1-AD2B-405824DC65DB}" = Network Recording Player
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
    "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A52A504E-18BE-4821-9A2A-BFB4542DA0BD}" = Lenovo PM Driver
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
    "{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
    "{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care
    "{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
    "{E0E07D0E-2B41-FCB0-6596-FEE18AABE9FD}" = Livescribe Connect
    "{EC9C7E86-A4C7-4024-87B5-707A2F1A337C}" = BlackBerry Device Software v4.5.0 for the BlackBerry 8330 smartphone
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2FF2CFB-CA3A-438D-ABF5-B99013DFB72A}" = MindMaster
    "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
    "{F9CCC3C3-F99F-4183-AF6F-F22E36D36FAB}" = Fiiiirprint Sensor Minimum Install
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "BlackBerry_{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
    "BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
    "BookSmart® 3.1.0 3.1.0" = BookSmart® 3.1.0 3.1.0
    "Borders Desktop" = Borders Desktop
    "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
    "com.livescribe.LivescribeConnect" = Livescribe Connect
    "conduitEngine" = Conduit Engine
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
    "InstallShield_{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
    "InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ
    "Livescribe Desktop 2.8.1" = Livescribe Desktop
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Money2008b" = Microsoft Money Plus
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "OnScreenDisplay" = On Screen Display
    "PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
    "PCMCIAPW" = ThinkPad PC Card Power Policy
    "Picasa 3" = Picasa 3
    "Quicken Legal Business Pro 2011" = Quicken Legal Business Pro 2011
    "Quicken WillMaker Plus 2010" = Quicken WillMaker Plus 2010
    "Quicken WillMaker Plus 2011" = Quicken WillMaker Plus 2011
    "RealPlayer 12.0" = RealPlayer
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TheFreeDictionarycom Toolbar" = TheFreeDictionarycom Toolbar
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Windows Live Toolbar" = Windows Live Toolbar
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMCSetup" = Windows Media Connect
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2942788721-270316561-3154462386-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 9/20/2011 8:35:39 PM | Computer Name = LENOVO-ccccc | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 7698313

    Error - 9/20/2011 9:09:52 PM | Computer Name = LENOVO-ccccc | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 9/20/2011 9:09:52 PM | Computer Name = LENOVO-ccccc | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 2547

    Error - 9/20/2011 9:09:52 PM | Computer Name = LENOVO-ccccc | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 2547

    Error - 9/20/2011 9:09:54 PM | Computer Name = LENOVO-ccccc | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 9/20/2011 9:09:54 PM | Computer Name = LENOVO-ccccc | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 4578

    Error - 9/20/2011 9:09:54 PM | Computer Name = LENOVO-ccccc | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 4578

    Error - 9/20/2011 9:26:57 PM | Computer Name = LENOVO-ccccc | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 9/20/2011 9:26:57 PM | Computer Name = LENOVO-ccccc | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1027781

    Error - 9/20/2011 9:26:57 PM | Computer Name = LENOVO-ccccc | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1027781

    [ System Events ]
    Error - 9/20/2011 3:53:43 PM | Computer Name = LENOVO-ccccc | Source = Service Control Manager | ID = 7031
    Description = The Ac Profile Manager Service service terminated unexpectedly. It
    has done this 1 time(s). The following corrective action will be taken in 60000
    milliseconds: Restart the service.

    Error - 9/20/2011 3:58:50 PM | Computer Name = LENOVO-ccccc | Source = Service Control Manager | ID = 7031
    Description = The Ac Profile Manager Service service terminated unexpectedly. It
    has done this 1 time(s). The following corrective action will be taken in 60000
    milliseconds: Restart the service.

    Error - 9/20/2011 4:00:16 PM | Computer Name = LENOVO-ccccc | Source = Service Control Manager | ID = 7031
    Description = The Ac Profile Manager Service service terminated unexpectedly. It
    has done this 1 time(s). The following corrective action will be taken in 60000
    milliseconds: Restart the service.

    Error - 9/20/2011 4:12:22 PM | Computer Name = LENOVO-ccccc | Source = Service Control Manager | ID = 7000
    Description = The smi2 service failed to start due to the following error: %%3

    Error - 9/20/2011 4:36:15 PM | Computer Name = LENOVO-ccccc | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    ALI-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{79329D27-B098-40C1-A8.
    The
    master browser is stopping or an election is being forced.

    Error - 9/21/2011 1:37:42 PM | Computer Name = LENOVO-ccccc | Source = Service Control Manager | ID = 7000
    Description = The smi2 service failed to start due to the following error: %%3

    Error - 9/21/2011 1:40:17 PM | Computer Name = LENOVO-ccccc | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the NVSvc service.

    Error - 9/21/2011 1:40:18 PM | Computer Name = LENOVO-ccccc | Source = DCOM | ID = 10005
    Description = DCOM got error "%1053" attempting to start the service gupdate with
    arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error - 9/21/2011 1:40:18 PM | Computer Name = LENOVO-ccccc | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Google Update Service
    (gupdate) service to connect.

    Error - 9/21/2011 1:40:18 PM | Computer Name = LENOVO-ccccc | Source = Service Control Manager | ID = 7000
    Description = The Google Update Service (gupdate) service failed to start due to
    the following error: %%1053

    < End of report >
     
  15. drwizgeek

    drwizgeek TS Rookie Topic Starter Posts: 86

    Babylon Search on IE!

    Hello Broni:

    I just noticed that IE opens to the "Free Dictionary" and "Babylon Search"! I think the second one is not acceptable and we should remove it. I am sure you would have noticed it, as well, since I found another thread, where you indeed instructed another user to remove it. We need to update Java VM and Flash and Shockwave players, and remove the old JREs. But, I will wait for your instructions. Thanks, again!

    Best regards,
    Wiz:wave:
     
  16. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-2942788721-270316561-3154462386-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home?AF=14542
      CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Documents and Settings\iiii ccccc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll
      CHR - Extension: Babylon Chrome OCR = C:\Documents and Settings\iiii ccccc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (PCCBHO.CPCCBHO) - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll File not found
      O3 - HKU\S-1-5-21-2942788721-270316561-3154462386-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
      O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\iTunes (2).lnk = File not found
      O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\iTunes.lnk = File not found
      O4 - Startup: C:\Documents and Settings\iiii ccccc\Start Menu\Programs\Startup\iTunes (2).lnk = File not found
      O9 - Extra 'Tools' menuitem : PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe File not found
      O9 - Extra Button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe File not found
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
      [8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:723BF4A6
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  17. drwizgeek

    drwizgeek TS Rookie Topic Starter Posts: 86

    OTL-Fix and Security-Check logs (Part 1)

    Hello Broni:

    Thank you very much for your response. The laptop still takes around 5 minutes to boot even with 2GB of RAM. We need to remove some applications from the startup, e. g. iTunes, after the cleanup.

    Here are the OTL-Fix and Security-Check logs logs. I may have to put them in a couple of posts because they may be too long. I will do ESET online scanner next. But, its results may not be available for several hours. I look forward to receiving your next instructions. Thanks, again!

    Best regards,
    Wiz:wave:
    __________________OTL-Fix log_________

    All processes killed
    ========== OTL ==========
    HKU\S-1-5-21-2942788721-270316561-3154462386-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    C:\Documents and Settings\iiii ccccc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll moved successfully.
    C:\Documents and Settings\iiii ccccc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0 folder moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF}\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-2942788721-270316561-3154462386-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\iTunes (2).lnk moved successfully.
    C:\Documents and Settings\Default User\Start Menu\Programs\Startup\iTunes.lnk moved successfully.
    C:\Documents and Settings\iiii ccccc\Start Menu\Programs\Startup\iTunes (2).lnk moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{53F6FCCD-9E22-4d71-86EA-6E43136192AB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53F6FCCD-9E22-4d71-86EA-6E43136192AB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{925DAB62-F9AC-4221-806A-057BFB1014AA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{925DAB62-F9AC-4221-806A-057BFB1014AA}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
    C:\Program Files\WebEx\ieatgpc.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    C:\WINDOWS\System32\ConduitEngine.tmp deleted successfully.
    C:\WINDOWS\System32\SET55.tmp deleted successfully.
    C:\WINDOWS\System32\SET57.tmp deleted successfully.
    C:\WINDOWS\System32\SET5C.tmp deleted successfully.
    C:\WINDOWS\System32\SET63.tmp deleted successfully.
    C:\WINDOWS\System32\SET6C.tmp deleted successfully.
    C:\WINDOWS\System32\SET6E.tmp deleted successfully.
    C:\WINDOWS\System32\SET71.tmp deleted successfully.
    C:\WINDOWS\000001_.tmp deleted successfully.
    C:\WINDOWS\003044_.tmp deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:723BF4A6 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 49286 bytes
    ->Flash cache emptied: 56468 bytes

    User: iiii ccccc
    ->Temp folder emptied: 157470 bytes
    ->Temporary Internet Files folder emptied: 137975216 bytes
    ->Java cache emptied: 3310239 bytes
    ->Google Chrome cache emptied: 136475497 bytes
    ->Flash cache emptied: 343 bytes

    User: iiii ccccc backup
    ->Temp folder emptied: 878327616 bytes
    ->Temporary Internet Files folder emptied: 159098731 bytes
    ->Java cache emptied: 13071246 bytes
    ->FireFox cache emptied: 60521363 bytes
    ->Google Chrome cache emptied: 356618418 bytes
    ->Flash cache emptied: 2249283 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 49286 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 66253 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 309996 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1,667.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: iiii ccccc
    ->Flash cache emptied: 0 bytes

    User: iiii ccccc backup
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.29.1 log created on 09222011_162706

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\TZP3X0WQ\0C71CAQ3XTL3CAWG4XAACA432WAPCA40GILDCA22P0M3CAFUI0YMCA4N86Q1CA9G5UFLCA8A6K9ACAHY3G46CAO07LB8CAM2XJ4KCAW7YKRCCA3PSZYICAC0ZJV1CARJQGGMCACUN9LXCAZAF75UCAKX5YYG not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\TZP3X0WQ\0ZC4CAXW5LK5CAT57GC6CABG18ODCAIH8512CAQDKTX6CAJX25WICA5XO02GCAI03TB4CA0FOCKMCAR0OTF5CAFUPJ3ECAAAWGU7CAWK9FVXCAZ3F6L1CASCL2NTCAA8ES11CAIOKY6ECA160HHDCA1JH006 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\TZP3X0WQ\1PTUCA544Y35CAK17SLZCASBUDMCCA46FR2JCAZN91L1CAKWXRG4CAIV4L6VCAL0YD4PCA5Q9VX1CA0XV55XCACY63YDCAM1WTOFCAJPA0KZCAA51MNDCAB2R4T9CAUUO5PTCA7AWUK2CAZU51ONCAPI2NJF not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\TZP3X0WQ\2CQMCAPQBEU2CAOTKVB7CAZ14H4PCAX1DPW1CA1BLVPFCABEU380CA46U7FWCAOVTXDDCAZN5UWSCA9C8X27CAKHUSAHCA3EZNMGCAC0CCTHCAQRPFKICAJKACOECA7IBO0VCAVKKSS6CA7JHWXSCA903GI4 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\TZP3X0WQ\36L2CA4XE9KVCAKG1DRPCAPJK41YCAL0IOSECAOPKTTOCAKUCNGYCAQPFPKSCAWD6JOICA6I00TBCA3G0DZTCAV10RKKCAY9U390CARH2ER0CAVXNRP5CAZIVSWACAJYHCS2CAO4XGKBCA2TO8JACAT0E0S3 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\TZP3X0WQ\4BO2CAGKUR97CA3O9HQ8CADXZ099CARA73T8CAELN87KCA0BPV69CAOAHG7ZCAIPBR2ZCALEBNVFCAY8B08ZCAZPMVU4CA3KNBIKCAOT1OC6CAB4W3W3CAIMTR9CCAXA4Y5BCAS3NEGMCAP23L3VCAA6CS7B not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\TZP3X0WQ\6KEOCAB8F2NCCAGKQZO6CAQFG54GCACPMWO6CAFX8WL0CAMX0O9ICAKODAFICASFCJS0CAK3P2DZCA4ZVXSUCA74J3PHCAM6X8DECAR1NE1DCA1QY4IPCADEV97QCA9LY6SRCAYXRG98CA0DH2WBCA8BITOA not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\TZP3X0WQ\86H2CA4YD2EACA222VKMCA53XN9QCAOYFD0HCANTOCFMCAFA88L0CAXSAR4ZCAOHOTBACAXZNWK0CA3SBLZ7CAX1ZGBECAWG115RCAGKFMSGCA4KRF7PCASI0Q6ICAO3B96UCAJ3OBGWCATYPSTRCACZV4KU not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\TZP3X0WQ\AV4LCABH539ACA1ACI8SCAVZ2KPRCAP2YKD6CAV3NKQ4CAT87U63CAON0DYNCAQ56LWVCALX6PCGCAISIL0NCAATD1N5CA7WDGGRCADHYL6BCAWA2GP7CAA4VIMPCAGZUP8ICATAJIIXCAE0CV74CA9CFIIS not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\TZP3X0WQ\DNOVCA69V6LHCAUI81NOCA8VN7DOCACVQFB6CACH67E3CA49WEGGCAJ3SMZLCA5UVR1KCAXCDQ5LCA4UWLT5CAO40L4RCARG3BUBCAVDM4HNCA581BC1CAKQ393RCAMWVY2ZCABR1AGCCA27Y91YCAYRKJZP not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\TZP3X0WQ\DWWYCAWYCKV0CA7XQOVQCATV8XAICAKF1DYXCAGX3PVKCAQM981KCA3197NJCA6HNKHWCA9PYJ4CCAJEQHKVCA5NH0IACAAK8MWWCAP0G148CASZ5YETCA64AANKCAAK4T25CAIXJ9IOCAPHUG1BCAG0VZD4 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\TZP3X0WQ\E9YACACJUPO0CAGCPDETCAZ977OOCAG8RH6ZCAUPHHO8CAYWKV5ACA520RB8CAS937HOCAE9F6OECANSIT4QCAFTBT86CAU84HT5CAI2D3L2CAZ61XECCAT0879JCA3D4Y04CAL13EPLCAOFACDVCA6DTZR8 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\TZP3X0WQ\F5HNCABBYDJ9CAK8QXC9CA4WWGNJCALZLT5PCA72RPI8CAHFG11CCATZ3384CANNAS1KCAYFFN65CAPLE69HCA9AXYYVCA3HXSTICALVX30WCA6W9T75CAGPBCF9CAXS0PI2CAEI1PL1CA7JKCRICA7DPZL6 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\TZP3X0WQ\GBPDCAJW8XXWCAWI542DCALF4T26CAVI5SCVCAO7EVFUCAVZ32BFCASO6UKACAKFKFD0CA6ACBQPCAJB0GXKCA5I2E0BCAYB0IOLCAYNYJLRCA9503WCCAQYS6ZKCAIROFTICA2BPJCXCA24LT6KCAZWEWGZ not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\TZP3X0WQ\GNBPCAW0I6VGCAKUN9YKCAYS6WAXCA9GULM5CAFXLK19CAI879WHCACEF91DCA0G746ZCAI3VGB2CA46RHYCCA41DNC5CA9Y8S0OCA7L2V5BCA8F336QCAKS26NRCAUH7X1HCAGI3NJ2CA71S4DRCAN0Q40B not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\TZP3X0WQ\GV06CAWB65U9CA8GGQF1CAXKZ6FGCA92L1FFCA9LBDA4CAY0E8SNCAP4SWESCAB23JM2CA7MNUVTCACLNQNQCAGBUO8WCA6650JCCAF59YXJCAY33SYBCAREL6E2CAEYQGNHCATVRVHTCAMLCRH9CAGNIG9L not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\TZP3X0WQ\J7B6CASY5I7ACACPS9D5CA17BXR8CAA0LR9RCAPHMT6ICAUO6NC7CA1D39C2CACNC3H0CA96H95DCA8CC4GNCA99LEUSCAFIDDSUCA56W8NJCAY635MKCAVEUCYVCAOD253YCAUZFEFKCAR6BFHQCA5CZKMG not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\TZP3X0WQ\JFW4CA9DOHAGCAQWRI5VCATOSI2CCAV5Q5ICCALD342SCAYZ3JGSCA9570ASCAHF0XC2CAYXOX0VCAJLICWVCAZYP70ACANAKIU4CASVKMALCA07X1QVCAQXIQ2ICA1L60RLCAA29D3NCA4NOEFUCABOGO5C not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\TZP3X0WQ\LY9RCATNLDHLCA9QNA2OCAWNIOLVCAP06EFQCAIVP4H7CAFI0K7QCAUJFRQ6CA1CQS1HCAD1PPM5CAE9O95JCAMTFIEDCABU526JCA99K0L1CAVMUCFZCAQ6KUKKCAK80LFOCARFRCOLCAD3BH5RCAW8D6KJ not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\TZP3X0WQ\MD4KCA6RWFIZCAYXU1W8CAFI78JXCAD73KK6CAL7K2DSCAASA6AJCA211RFTCAFWK1C2CAN8QLY2CAJ4NYBRCA1CNAMQCAJE43GHCANL3XX4CAPX6T15CAXKIGM8CAYPTVGFCACFGN5HCAQIDEWZCA19CSP8 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\TZP3X0WQ\MFXQCABPOXH4CAHFX881CAHYFR8KCAMQ6YQ8CAQFBX1DCABXCFKOCAPU2C4ICAPVU1GYCALEH3Z6CA7U9NHNCATMXP1BCANX09P3CA0A020LCAKMOYTXCA0R2MF3CAEIUPBDCARNS047CAL9OK5XCANE1T3N not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\TZP3X0WQ\MI2NCAEVX7RTCA481SQMCA20R275CAPH7J98CAGEW327CAXGML6ICA79SL14CASX55RHCAW9LHNMCA3569QTCAIC3L9MCAC87DY9CAX7GIQ1CA9M0C1YCASJ9AGCCAL0QO0MCAKX95KHCA2A1FANCAF2A6ZN not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\TZP3X0WQ\OI2OCAXXG9ZGCAIFBWWACAINEZ0YCAHL2KUOCAQ3MIZYCAPJ8KPUCA9UOQ88CA7OM8XPCAVFKUG9CAF8HPCCCA3AJG7DCAM5HHQHCA74UXM1CAX0S782CADQLN59CAZOWSXZCA4OS1E8CAMWR72OCAMSUY17 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\TZP3X0WQ\OXMECASP3R1XCAAUXS95CAGE903MCAEH4G17CAK47ZGOCABQWOTFCAZC8BK2CA4QISE7CAFG1CO2CAFY3W46CAFPIM9SCASP37KTCANV5I5XCAAUJF9HCAV0OCEKCAV3ZLHFCAQCHUTUCA6A66SACABTKMGU not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\TZP3X0WQ\PYNDCAG26HS5CAXRB1RGCA8WNF0PCAOTFBZGCAS8KDLUCAENJE3HCA2XH9PMCALNFXJUCA0DREYJCAZAXKJ0CA8RPTGOCAGVHPX9CACTAGTDCA5M4VBECAOBVB1OCAGW2F28CAVL413SCA0B8QMBCAUK440Y not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\TZP3X0WQ\R8UXCA7O739FCAPHZQ57CAMX7MJSCA3W86E3CAD1QKSUCA8VXBPNCAKATJYCCAE5RHBECAW43V7ZCALUBCO1CAZMR1JZCABKZKOTCA7JYBT7CACXSJ1QCAVQE4LZCAL8P3RZCAI9X09LCAMGFSFWCA3XL4XE not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\TZP3X0WQ\R94FCAT9DCZ6CA7TUP27CALWA4QKCAOE5L17CA5QVRUQCADGTLYZCAUK4659CAO7NK39CAW7ESZKCAUY51L8CA2WFGPMCA0GE2WDCAGGXPJYCAGA39A4CAEZ3XHUCA0JPKLLCA865020CA125UZ3CAVZQRF3 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\TZP3X0WQ\S3QICAQH31G8CALPLLULCA7T83OHCADP4J4XCA4U0EAPCA2T7RMZCA5QTE4TCAF8H5PWCAGAK6W4CA01KV6ICA09I1ABCAZSL2LMCANJUDA5CAFTRXGVCA2BST1OCAYTZ9ZHCAO77519CA0KZ53MCAG04W0S not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\TZP3X0WQ\UR6KCAIEZOYPCAQMNLU0CAUDUM4ECAJEKKCLCAT9G1XECAJQS73OCAO0CXOACA3DWPVICAETY2M3CACOVHLYCAX218G9CARIV8OGCALGHTDICAOSCHRGCA5G5HG3CAH3XOY1CAJFR094CAO0NUT2CA0BJI65 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\TZP3X0WQ\WA1VCAGM57TZCAVJXXKJCAO7F5DLCAIDT5CACAZOK7MFCAHG10B0CAPOAXUSCA1PRAMGCAQKH5EXCAE12375CA1DMQ7BCASXZ44ZCADJO6A8CAXZ642PCA176MTJCAJRUELQCA9QSOPLCAM1CAC1CAJEV8ZI not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\TZP3X0WQ\Y7I4CAB5CDTJCA72G8EACA8IS6Z7CA5LULSRCAK1SQ10CAHO6TSNCAGBB92JCA6SPE9RCASVHSZ8CA0C9XQPCA5XVDL7CAH595EZCAWZ3A3PCAGLSDD2CAWAJ16WCA3QE4CDCARFHV1PCAPMKCMWCAY8LLVZ not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\TZP3X0WQ\Z4FPCAR00PS7CA1I9AT2CAC2NBRCCAHN9GWFCAFR87JWCAVK5U5OCAT0K6PPCAYISES1CA8TQDOJCA4WHHNXCAZTS856CAWC2PIOCAELFVJUCA344VVRCADEW0V5CACE1IXDCABDG3D2CA4BPMMZCAQY1W0J not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\TZP3X0WQ\ZSY0CA4156OXCAFWYN91CAL8M8ZZCAM42VMDCAS8O8VCCAJ726XDCAXNUCBFCA4Y3DDZCASACOJJCAW3SA0ICAC8XSTZCA3FF591CAOBW1DGCAL4BWSACAXFW4XSCAROJ7YUCAV2HUTVCASNPW5DCAXDS5X4 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\TZP3X0WQ\ZZ60CAUMYGJDCA8VCNWXCA1IV9EVCA05A2K0CAVUTCXLCA2V66LDCA8B2XWDCADWOXIFCAO6WIDVCAJ3J1RCCAOJNAV8CA0C1SRTCA57MWCUCAGQIUBDCA58LMVWCAS3D7Z9CAJYR627CAF0BX0WCA8X22H4 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\D9Z7P54B\0HM0CAR65WHQCALHH7C8CAJWRMAMCA0TJEKDCAYOAU2NCAX6NNH9CAPVN1H8CA0E2L5VCA053SCRCAHG5R3XCA51TEDHCAU9WLJOCA3STIPSCAPVHMJCCAKX39R1CAFJ3OP7CALHA69ACA2PX5LICA2E5EK9 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\D9Z7P54B\0QQ9CANAU1QRCAB16OC4CA5IEXJZCAQNO0HMCAH4W4K6CA0JP6NGCAWX3LQZCAF8TCKWCARHSI1YCA08RE05CA6EW0KKCAA0GP41CAKOPIPACAXADFIHCALY3567CAL1AO2QCA9ID37JCAGHBIALCAJ184Z2 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\D9Z7P54B\2B2VCA7BWE1KCALI020NCA8VRLKECAK8VQUZCA8IRGCECAOI2HN8CAZUT8WLCAYYVI7TCA9WF7AJCABT8OTECAAT8WZGCAPQUV60CATNS11MCAMN8HPACATOPEGECAOQFMVVCADTI7S0CAUHUSKWCADBD0QC not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\D9Z7P54B\5F0QCAETYIVPCADRYGH0CA3FPDV8CADUMC81CAG1IJ4XCA2ITQUECA9XZ13ACA0N92PBCA3VTNRPCAE58QZLCAD90SC0CAN37GFECA4YTSUICA1RHQ8MCALGB4QYCADAGYHICAJKUDTVCAJCEM10CASBWSGG not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\D9Z7P54B\5ROACAB8WNW8CA3QEWVKCAH3JZCTCAGPQ1UWCA0BI5ODCAM1PWWBCAGMVO2LCAO86JVVCAMV94L4CAG20XG3CAA8YBJHCAKD3Z21CAU2ZCYJCA2XJRNSCAC8H0G3CAF3QIQSCAQHWOB6CA8LCLY9CAP6O6LD not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\D9Z7P54B\79YICAZTS6OHCA9AGT5LCAL340FRCA7D5RECCAR1AE2LCADKGCXDCAK0TW1OCAZMC7B6CA2A4YWDCAX0O8W5CA0F562PCAZJVYWXCA17W73ICA9B2FOCCAAJB8AACACTLQX3CAXO7S2MCAU6A8L6CAR5GW8O not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\D9Z7P54B\8HNCCAU2VN47CADMTNVSCA6R4EXSCAIQ4NKPCA3LLVDPCAEFO3TRCA6XW7SWCA250FKFCAKEA2OYCARXKZ0FCA070C70CAAD805JCAPTNJY7CAZW8U19CACKQ1QKCA19H1SSCAV2BFDSCAJ96QAQCAP4CPE8 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\D9Z7P54B\8UCCCAOJSI7FCA7GMO5NCATE64PQCA0Q76IJCA9JJ2ENCAISORJ0CAHBGC3FCA38VIUFCADHINMLCAACIWCNCASDAKOOCAZGQDY2CA30ZIJ2CAFHKOM8CAVPXKXFCAP52JWDCA21KRWXCA51OEIKCACZ37RK not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\D9Z7P54B\9IV5CAX0BWYWCA0VCEH5CAPKKS8DCANZWWLXCAP0TJSZCAIW174BCA5U8DLMCAXSXN0SCAKTA1DKCAJE3D7GCAVSG2OECAI4SO5OCAXLNW4OCA5PDO5PCARFCVRFCAFJQMNQCA01R3IOCAIZ60PCCAA1ZZFI not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\D9Z7P54B\9T7CCAS75RXTCAPR2S60CA6Q60IBCAHR5YX2CA5FUWABCAIA4F0NCAFD62OYCA51PUL3CAEVKM2ACAYPBKCACARB1O25CASVP62VCA5A7BD7CAQJPNURCA67OXJSCA1WY42PCA52C3WKCAFFD6P2CAO13T09 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\D9Z7P54B\BA05CATZHG91CA0A4JZFCASIIR5TCAMOBLS6CAO0JXTWCAOXRGLSCA5M8FKZCAWZH3CGCA9G30LBCAUISH7QCAIQ93F8CA3OJ9O6CA9LAQBKCA04RNG3CAOK0FFBCAX9TJGZCAEK2BP9CA0YNGXOCAUNALWX not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\D9Z7P54B\BUJ6CA9NCIDHCAQB9VA0CAUCEKDZCAJXJZS3CASXJBHSCA2PJ2MMCAWR2A1XCA8DS76FCAYSTBPACATSIU83CAW78TJ6CAJW6313CAGV399VCABFFGNJCASWAFHRCA879AUOCA2SNJ6FCA1HUCAACAUYI3MZ not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\D9Z7P54B\CVFNCABEIM5FCAA5QHFGCATKTRBHCAFTE1DKCA8P7BI1CAK0XEUDCAG4PHISCAVH37HNCAMMS32SCATNOH5ACA4Q7BVNCASX0L1XCAZQN76NCAGMK78VCAUD3CXQCA2CIJ80CARUP427CA4GF7H1CA3L55Y7 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\D9Z7P54B\E4J4CAI43PEYCAPVK12DCARMNPM2CAMQS758CA39UY62CAJ4H6DGCAD69MCCCA9W0YNWCA7SQZFACAJB0WCPCAU0R4UHCAW9NSZJCAPZ8ALJCAK2T5D4CA21FWKVCAFIBJPACA7478FECA8ZMJ0FCALOUFN6 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\D9Z7P54B\E8PHCATZ6GAZCAXFX7FMCAG9EXR7CA62MDU3CAW4NIN6CA7K22F7CAZR60PRCA2BH184CA92ZC2RCARCY6RCCAWEEL1ECAUTD0WSCAD6OEX1CADE96YGCAMYNX7TCA6NBUKPCA0CXBXDCAWSSCT3CA84YBL9 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\D9Z7P54B\G302CAQPJK7SCAXJX397CA5SU12HCA4IZ9E6CAH5V82LCAC8U362CA5EOLETCAZHZHSPCA2K3Y2HCAY2I4SUCABJJ8DECA8UNV09CA1NL653CALDVW0LCACZLUG7CA3M8RMQCAEMM75ACAK1AX0SCA1LKL81 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\D9Z7P54B\GTLCCAPH7FM6CAU3WOYHCA71X6T2CAZBA369CAIRNDGKCARB044OCAYX7BOJCA3CJ8O3CACXTCNGCAQK8PNWCAGCSVZNCA5R2PHGCAOHXPSLCA0VXIJBCASRLMJ2CA4KRHP5CAN6BE0PCAEIRHLMCA17STZ9 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\D9Z7P54B\J2M0CAGBO5WHCA3DWY4MCA4H1J82CAETPL6ECAKHQ7TSCAO3RO41CAY6CT8GCAPP0GE9CAZSEUFQCALEUHY8CASJ8ZNFCAP202RDCAZU6M6KCAZU2HIZCANLQ4E4CA2WXW2OCA187TCUCAG3LIK7CADHJZM2 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\D9Z7P54B\JZ3MCAINF0BGCAILD226CA8XY5R4CA31H5O3CAN0LO2WCAOTBN64CAT8UFWDCAYB9MTCCAVTUQLOCAG1G3Z0CAQ9TIPFCAVMMSZECA4IEJDSCATDDV2KCA7LZANCCA3XF0T6CAQDSYHFCAJ0FNRZCA44AUF5 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\D9Z7P54B\mVsA0pvaG4gTWNDYWluBHNlYwNpbmxpbmUEc2xrA2VudGl0eWhvdmVyX2NvBHVybANodHRwOi8vbmV3cy55YWhvby5jb20vcy9hcC9jdm5fY29udmVudGlvbl9yZHAEdmlzaWJsZQMxBHd0AzAuNzcyNjI3[1] not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\D9Z7P54B\OJW3CAGJDLUDCA1DMD78CAPIOFELCAN0ME40CACRY308CAJ5S08PCAWB21AKCAP0QR6QCA4JNJWXCAGCPNEVCA07GVRYCAC040B2CAK139K7CAA3AHC4CAKNCLJICAGGG47QCAAHJE80CAPK3NITCAQOJ4FS not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\D9Z7P54B\QLS5CAYLO47WCA78Z6IDCAGDAGSICA8OHX99CAOPR9YGCAKMCV6DCAAW91PJCAQZSVLICAEYP36JCA1OE5LPCA4CSD04CAZM7LUZCAOUFQ2MCAB8H2MPCAUSLOR1CA5PA7M9CA2N12Z1CAIZTSKJCAF15625 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\D9Z7P54B\QXGJCAHDVY3WCA24QCXGCAWOJ2QZCARS4OP9CAKBARMICAREI7BZCA4V0775CA7MFYMWCAUYC3HVCAGWZNAWCAD4B85YCAAG6UV7CARAZYEYCALCUT5LCAQMITXQCAODW305CAPRCTGYCANF2LXACA4HMSL6 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\D9Z7P54B\RDUHCA32H0XICA12CXH8CAJVC3OPCA9K0DOSCAC1QLLKCA0HU6IHCA29MWIQCATX8A53CAKONIU6CA49PSG4CAGQ50TCCAA6H6C2CAGE6LDPCAB64TH9CARO35XDCA16Y7AHCABW2DXACAKA2Z5PCA8GGBMJ not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\D9Z7P54B\RU1BCAF77S58CA2YVKO3CAOL0JAOCAYSDJ2WCAPCS8IRCAQPN25HCAL4MQ25CACLIKQCCAE9CPZFCAXIX3ICCA0ZHYS4CARZZYV0CAOOAFQOCATVDR6WCA12CNYUCAO2W5ITCAI43X3HCANTWIQACAOGTL4S not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\D9Z7P54B\S3OKCAKOFLDNCAZ0VCEQCAKB51Y8CARMH3B4CA5TIA7ZCA6ZZR7TCAB47AUHCAL6EMAYCAM5YTOQCALP83ISCAIDKN9XCANQFBBTCALY5C1CCAKQ0995CA2AU692CAEA4VK8CAWI6LYBCADCGJ5QCAYPGNE2 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\D9Z7P54B\TRIPCA2E37P9CAXCTMFKCA60BKJXCAVK94LYCA8IHZ8GCA1CXTGNCAUFVTA4CAH26BJPCA2X1IIBCACFQMJ0CAOBHS6XCAUBOTXICA6IV6SICARHKEEACA7P3X6MCAJUB0MACARVB7YXCA6DBLNPCA7VCH31 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\D9Z7P54B\TSGHCAS10PVACA8J24CDCA09K71VCAHRU5M7CAK5JBN4CA48IAR9CAZQ8064CAGJQECZCAIPX8CZCAYZMNK8CAGZFBHHCASH28ISCAR4C4QVCA38FHIGCATWYT28CAJA00VQCADRORB2CA8GVTYECA2IIOE7 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\D9Z7P54B\UVQDCASD0PIHCAI84OLACAVFQ7NSCA3RL1QTCACNB9ZGCAVBQWWQCAFIT1EGCA5JYSGOCAX3JDM2CACTQ5YJCA2K43MICAKW6YEOCANOCHTFCA1P7CA7CANQJML2CA2CL08UCALVHY20CABD7JBZCA67W2OU not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\D9Z7P54B\VD7LCAQUY0ZKCAY14L2CCALR3TVNCA9O8N4ECAXA6OYFCAEN5ZZ0CA3L1K59CA1MDUFQCA6QG4RHCA8QITP8CAA9BJNGCA11BP95CAZMZCZLCAXRW73CCAHRSR1HCA2HBY33CA8C5FRGCAJIUJJYCA80XKE6 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\D9Z7P54B\VUR4CAOOWOHTCASKQEUOCA6JNQ98CAGJE7SJCAQGIAAACA79M12ICAO13PV8CA5I4HRCCAJXST13CAELFOM0CA08CKSMCANO4BL3CANISHZACA7U2OSECAO5W1EOCAVU6QWACA3UWCADCA918L81CAAX5J34 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\D9Z7P54B\WG07CA7P4T6FCAG0NIS9CAJS7QCFCA1JOCVJCAV0NBT9CAB1JR0ECAD68WU1CA2204IFCAL8JM6JCAJ7QR7YCASXP29CCATOVP92CAIDUEMRCAM3Q7RHCAOX888BCA8KRGWRCA8PJJMECA0PF6MNCA1V9I24 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\D9Z7P54B\YHJHCABMGJOUCAFTN1WECAEVFKFSCAVCSGMRCA6JWNT1CA8BQ90LCAA0O0KYCA4C9HXDCA8XUE13CAPZXRKYCAJ0LM2BCAXP2WI5CAR6YW9BCAQV3XFOCAVNTOPTCALJQMA5CAYVSSQ0CASEI36NCAWYT0LM not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\D9Z7P54B\Z26NCAVV1YMVCAJ0TDP8CAUY0UOLCAULQ00ZCAJ6RIHRCAJ259TVCA0HFPHZCAFCU2ASCA405U15CAOZ7VD8CAHMFO2BCAMUGU33CAGUD16NCA21149LCA5QJM6KCAFUP3VSCAAVYPW7CANXFTHYCA1OCAMY not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\01VBCAQN73UXCAVVOQL2CAAZ4VYLCA78TK4MCAQ5Z53RCALBQCZ0CASD98E2CALIL3DWCA1IDCBXCA8FKXFZCA3H3IR8CAE8UG2MCAFYCMNQCA9JTXD1CA8FX7SWCASNMEE3CAQQ5EAUCABTH98CCAC5JNQE not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\0IXICAFQVNFECAKJAT0JCAOLZEAVCAY8X4GECA87S5H9CAWHNMOACACF1IA4CAJNPDH9CAXWJRINCAS7F5A6CA3NDR0RCAQ7HWQ3CA58D7NYCA1IIPW1CAP4HPU0CAAV4X8NCA95X2PWCAPSQ9GVCALKMIFK not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\121KCAVY2C7ICAS3V9VUCA6A03G4CA53QR20CAJUDTYYCAAM4Q5WCA2OR44HCADX619MCAZW35SDCAU1A5IJCA3AD3P7CAGEQYHZCA2P3EZ7CARAUDOSCA1WGYZMCAH2C56UCARQBY16CAXDJPWICAIC3NCF not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\1LPZCAT008WHCAGBVBAZCAY5R33MCA3LYVFHCA9SDN4FCAQKLU2RCAJR8WNPCAAV55HKCA6KMYDMCAXE43UJCA0WWF5YCAKC3PIVCAHUEMCWCAZITNGSCA5XR5I8CAZOZUO6CAFDCQYKCA8N8WT2CAMVF7FU not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\1PUUCA6Q6IAFCAJMBS2TCAG07GZNCASRMXMGCAGYCUFHCA66GE4CCAB53Y5CCA1VY15DCAY1DK3ICA55B1RTCA5RWL95CA56JLWFCA0W8VOYCAHKPF9YCA0TJMHTCA3FI25SCAEX0GUACAMZKYM1CAD85ROI not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\1VHQCAUXFZXPCA0QD90ACAL7K81VCABIHTDKCAMBJ3MPCA5V2PVHCAMU99G6CA3T1WCHCAMEWRN3CA6AMRE8CAJS4D39CAKBM01ZCAO250HYCA07SE3WCAEWOYWACABO46G7CAJFDEXLCA8RO6RXCAC2K68X not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\20TOCA0A1I6UCA61BNI8CAZUY7YRCAG1ABY3CA7DCASQCAVAUYYTCA0LMB2TCA65BVVMCAMOZ8E7CAW3QCPQCAWIH2IHCA6VOF6CCA32EIOWCAI7H6NNCAPHBV69CA73DFKOCAEXNRCMCAIISBHQCA6FL64F not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\25JOCA0AJBRLCA1IODDWCA9D8AHQCAAMTSKSCABN1V23CAHV6TPRCAOENF4KCAPOKEUICAJHM9CYCABXX0B7CAVB2A94CAXUZKVQCA9MEDZICA1J052OCA05JRKNCAVIMQ3BCA6IGKDCCA8NXN2RCADQKYG2 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\2FHKCA9PMEQXCAK0ZS8GCAABH4QWCA3V250ZCA6BMT35CASJZYXFCAMDZ57BCAZ1KR7ACA4JQVGOCA0YACAXCA8XZPDFCANJXEJPCA4572KMCAPLV3JPCAAGKXD5CA5GA4FMCAW4UPG1CAUQO8TYCA4LUTVC not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\2IMSCAZBZGT2CAX8S5XACAQ8KR5HCAJITPYFCAH7U0IWCA38ZSEMCAXTNA6PCA3ZSH41CA66LQAUCAPO34IXCAUWTECUCAUOUO7UCAAXVO8OCAR7LUN6CAXWCOHXCATDXYKCCAQUBINXCA7MPWIOCA0S3B90 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\2PBPCAWR6QSACAOIJ484CAZZCKG5CAW7ML30CAKAMBO7CA1D16M1CAV0LEL7CAXRI4DECAJ3ZO69CA8DIEP2CAMJGE1NCA18VUNZCA9LZOUBCAPYZH1MCAO1FY7OCAZ1NQNTCADFIF3VCAE2TYKTCAV8QFI3 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\2RN6CA2XC24SCAQP39Y6CAMT42PTCA9J1THACA0CPVRHCAGQAXQRCAP2NN18CA84QXUVCA8AJJSQCA6Z0VFNCAX7QDPJCAJX1SMICAPV4LABCAK61XV1CAKTFEKQCA9EM1KRCA9OL7QGCAX53I2MCABYGU2U not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\3F97CAXB6T0CCA13696YCAXB8JG3CAT4LGBWCAWN0EBWCABXSD57CAD84QE6CAK2S32ZCAJV4MCOCAG5WSBOCAY0YYMLCAO7KW0KCA45FLB0CAWOUMAMCAHYPBYZCAJCW0Z2CA917BFGCAQZ5J7QCAIMFWZ8 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\3NFLCANRN7OOCA91L142CA43A4HYCALRJ3I6CAPP7JVTCAF33CQICAJSGY0DCA0VOED6CAKAHXS9CAP6GAGJCA3H7E2NCA3PHRWWCA3BT2X0CA96OWQUCA9Y3Z8QCAE4P0FCCAI1NKG7CABWGR2JCAF8Z5VX not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\40QDCAZTTUWLCAFQ4MB3CA8LNESJCAF2LJO0CAULY9F8CADDDBJMCA719TWECA7ZDJ3TCAHMRE3QCAN3WANYCANTZG3ACAG4YKS5CASGSQK3CAJS8GVBCAWQ93PICARX10EUCABHBJI6CANI609ACAZK60HB not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\4G4VCAW7NYJSCAE54NSHCAH5KYRXCAB1HLF0CANZMTZGCA3IX9STCAOS1C4OCA2BAEN2CAI4OGJ0CAHE64NRCAL74M4ACAP4AMFTCAP01FAOCAI7T6W8CAGDPZ9ECAY2I04BCAQD07PNCA1HRQF8CAFTSROA not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\6BFBCATQEDHECA7H3OXECAPRW56ACAT3B018CA7A05WSCA9QDNLKCAF97SDHCAF5B1P2CAUO4WFFCA5LFNSUCAPTQFOXCAPGZ9LRCA9O34TWCASFE2DACA2GFFS5CAXV0OKKCAYTFO6DCAI1IGLUCADU6BWN not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\6G20CAY1PTI7CA7LLFWUCARQGK7BCAQ57QCFCAGF0PZSCABCZO9MCAJDNRFICAW3J3XSCA7JG1HPCAAXED79CA0S398MCA8M2IHGCA4Z0VSECABZL8FTCAACF5XICA60COB7CA9OKUSMCA4NPLSSCA7UBGSB not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\6H4CCA3J46MFCAKZIO63CAWP2NNACA9ANP6PCAD118TFCA7CP964CA8HKPWSCAR0JWQOCA1CZB9ECASLW9EJCAMVAPHYCAAU2QUCCAMA6IGOCAOPFEQPCAS4WXPLCAW757NKCAJSIQ27CAPX7OCFCAARY3SY not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\6V1GCAM9FB9OCAU96OTPCAW9LYWNCAC2LHJXCAKROK59CAP5MTKECAJM8ZC2CASY6SE2CAIEOJ8ICA3JC5VRCAQGGPLICA90WDVVCAWWXHQSCAARQULLCAF5A9W5CAJTZZUACAVW3J1PCA0XNC53CAJ71KZ0 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\6XZQCAY0DE9QCAHOUS0ICAYNMUL5CAVOZC1CCAT58NLMCADQKPC9CA0IQ1EBCABUUUPACASMSZ73CAQZ21B5CA0QJ365CAMXUZ6UCAICKUGYCA8DJVS4CAJ3WHLLCAHPZBFZCA38UFV6CAGV1J0HCAI27URH not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\7BHBCAJVW6M0CA3ISI9TCAVX0BHNCATN3D7KCAEIEIRWCAJMAE99CAYCRRRZCARWZC3NCAI46QEBCA84F598CAJC4N6PCA0AZR6VCABU5IQUCA4EWFYVCA1AZ1LNCASXWSBJCAWS11GQCAOYOO5BCANPUSTJ not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\80G5CAKNIEYKCA0I1OZKCA19XJI5CA8S78ACCAX3P5QRCAT6AH1OCABHKFYHCAJVMJ0TCA7BOOUUCAAY0BRGCAPLU5ZUCAETQKTSCAPU2X1WCA75NMCVCA2DL2BWCALLMFCJCAI41P5ECAGKEEUJCAH0J4HR not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\81YLCA5VO6DNCAJEFPK0CAJPMD3KCA6DUJW9CA3DJEU9CAVW3IJKCA1KQ3A1CANL7SZSCA0J8LEPCAH0ZE1PCAADIFGECAGG9BWACA4HAPFACAIQ1MY5CAD9YPJ4CAKB7KBPCAFJZINMCACVBJICCAWY2BDW not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\8BO6CA57VBPWCANE0S5ICA5X1DV5CA0VB2LGCAX023AVCAV1T3AICAT9QSP7CAS19TRPCA40W6OOCAN82VX5CAJOPGD8CAVXDV3WCA36186BCAJWAIQDCA1KATUSCA8DGV8KCAAO5NFPCA5ZRY1RCA71F4UM not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\8F6ECA2840QCCAZ4MRXOCASZJFQ3CA3E22T9CAB1IQS0CAHO5YUOCAONR2ZUCAE1OQ7BCAYCFB4CCAECCWZECA7Z6OJZCA8PS6PJCARXJV03CA69PIOZCAUG26LLCA2ARTMMCA9M4NX2CA0V6CRMCA1WN6KW not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\8V58CA69G1N3CAU4EMG9CABWJFWPCABA24HCCATH7QYACAMIBUO5CA2FHSGSCAQ3XKK0CAIN43UNCAZ2HSBACA8PKZ6ZCAY991VMCAW5TVEECAUECFVFCAF75J0HCAX3GHYMCA6YU9IOCA9QX6T2CATP622T not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\8W00CAW4153ECAEUH6GACAPX2SU6CACN2861CAUEO6JSCAWMDDVVCAQLJ18ZCA2C23R8CA4IF08ECA3WLPTHCAKY3X3QCAA3DH6NCA67P98BCAQEHZMQCANIM7U6CAJFGFVQCAV0R8EBCA6HFDJYCARTQP2T not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\8W7VCA57QO4DCA8DXI5TCA1K61A2CA7SAN0YCA2FFPJTCAKYEJT2CA0P672VCAD51J0ECAZMK9SMCAER6G9TCAP3N7I3CAU5L1G9CAVR7DZNCAHXPDSZCAM4NDIECAK6ZLIXCATSPZJHCAGZLFT4CA2KET1X not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\93OJCARGWW3YCAFSWPYUCAK8J5LSCAGPYV8HCAALANZOCACBT0IECAHOKGL2CALY8G52CAIR8B81CAOZXZP4CAUU5W79CA0NMSTACADWPV1KCAWJ80FPCAHH1761CAI8210XCAFF90H4CA5D58KRCAKOTBPW not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\943ACAZZ6XCZCAOUWN50CACWGUBNCAI9XUGQCAZBPY14CADCX953CA9H33VGCACZ9ONXCAJGFA71CAMO96NICAM8OMJXCATYSYUTCA8J4CNRCA0PBTAJCAZJJEKUCAVXMMRWCAI4NDK1CAGVK6ZCCAHXX17H not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\9EWJCAGTBUNPCAJJAQOOCAC53BQGCABWO1SJCAZW31DSCAH3J665CANC5TESCAKP2536CAPJLOB8CA3WHE9ICA59KLTXCAZQJEM7CAY1OESECAVH4X6CCAB2ZCUGCAE80J35CASWKTTOCAAKO2JRCA48QHW6 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\9QMKCABXQUEVCAFBF4Q5CA9MGJLICA8HTQJMCAB0I9D2CA4GOM63CALBZ5NPCAXTOIM7CA82WM1RCA382RPMCAJ47HYUCAFE18M8CA40THBHCA0Y4JCNCA1TA936CAHG5HDZCAI9QVEICAL188PMCAE6D0AC not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\9VIDCASWJRZ9CAX1CTCCCAR6IFPKCAO3E7MMCA62P2ZGCAT36X8KCAGFIIDWCA92DP0DCAGPX29DCAHGW87TCACKIGZZCACUZ02ACA9NMHP7CAXMZUJ5CAAHN1OZCAJBYXMQCAXBHXY2CA8YSO2NCAPUFJHQ not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\AS6ECAYBHMBSCARAUTYVCAXGR36GCAHDXAWRCAU3WIBACAJXKC83CAKUE6FOCA3NAMEDCAA306XWCAFJGOQ6CAVWRZ4DCADAUGI7CAUX9LOXCABS838QCA1ALJAOCAYXV9OICAXR86LKCA6D1YPRCAC21EY8 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\BO0DCAB1RWMICA8T7PXXCAUH9R2ECA022NEJCAG0FVF0CA2GLMHKCAR8JGYXCAZ0DARZCAJJ288SCANA5FZOCAP0PVHACAD45KSOCAIPI6FACAJO9YKVCAVVC645CAEA7VI9CA4EFPFKCA7SWOFKCAEIFEKT not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\BTU4CAOY3L3MCAHN8ZABCAMF2GF7CA6E8G56CAXCYFV4CA0CDUEFCAN44D7NCAO1YQY1CA8507LECA2KGJ4WCA74TKWBCA2R9BCFCAO1JET3CAPH7238CA45LTUXCA7MZCWZCAYIRFGLCA9RM0SHCAI5TMFL not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\CAXV6C1HCAZAOY7YCAK200TRCA0UY3JLCA9P4R2NCACCATHACAYK35Z6CAA2R2Y5CAONZD7VCAXMJVINCA94B7OHCATMH4MVCAI8NLHGCAV5NF5CCAGCQD3VCATRVJYZCA4IUZVUCA4271MACACJSBKS.gif not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\CMSJCARCR1BVCA5OSJUCCAI9028OCAR68J4BCADRUV12CAEOGBW8CA5RUV5PCAKXAUWSCA0294K5CAPJFSA0CAWU9MFKCA0IOWGJCACC443XCAICVN82CA0U52E9CA0QACY2CA1HLO3NCAM2SNJ3CADGKP20 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\D7WCCA8XP8B3CATXO12OCAJ83NXLCARDEXSPCA5NR3ITCALXQ7W7CA77RMLMCAUDWS88CAIPI2Z4CAWTR7RJCANBCFELCA92VPARCA81RSPXCA8DYL78CAOFPIDNCA0WENFECA4W640OCAI1LB33CA0MVPZL not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\DJRPCAL7WG3UCAQHP4LACA4VTYS0CANW207OCA97AQO2CA02R2D7CAGSVBGECA78D9DVCA18Y44ICASVW65VCAE8GICQCA5MPUFBCAGKPMCUCA4M003TCAQA7J9UCASR7QRTCAX94DBFCA8O24PZCAZ0KX9W not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\DNSJCAGGEE6OCAX3UQL5CATFE0MJCA237X71CALUZO5OCAQSWWKQCA0XLNELCAYANZV7CA3VZR4NCARC4KFVCALOGFTXCAE0RTFYCARIFNUPCAB4FXPJCAFISTMDCAGTKTTZCAYIRF72CARVWN9ACA7AHVIG not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\EA0SCA7JJ5ZACAT16JT5CA6MCR8SCA6PWTY6CASLJXLECA6PKKA1CAQDRBNGCAF10SR7CAU1CBIQCAEU2Q6HCA0NIE0QCAHWVE7MCAGFS9NCCA4ZT93SCA9BPAADCAEONU3TCA4PAAFFCA2IK9Z4CAUXZZRN not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\EIXMCAY2CHKFCAM9982RCAYYB65OCABVC434CAVUYMIWCAJY6LJICAM2O5CCCATEU299CAP34OCICAK1U5DOCAUOV7VDCAB5OXOYCA845WVVCA3H2QVGCACP7SSXCAMSB42SCAI79EJWCA3RXYUCCAXYZL8O not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\EJACCAOWV4FKCA5C0KH2CAH772J4CAB8Y12PCARZRUBLCA3HDBKJCAIJOLNLCAPXXF9CCANFT9B9CAJ11Z3ICAP2SVJ0CADISV50CAC1R36QCACEIV3QCA2W8UUACAGHSR0RCAD311TJCAPUIJ92CAWFW3FE not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\F1I7CA2HVOTRCAZ1945ZCAXITCN5CAVLS0N8CAPBS6JNCAUXQTOHCA2OX7RDCA7195P9CA8BDB2DCAMDU05VCA2JMUCYCATMRAS1CA8IGM8ACAH4EVBJCACJ9DJUCAS0I5I4CALB2FZZCAMGN3A0CAV99GBC not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\F6QKCAS5PYIFCAY5MGCZCALVH5KMCAKOFRDFCACBPACHCALQ8YT0CAFMZ97PCA9TQ0DICA03IH70CAE0UBBLCAO52GNTCAOTA9TNCAK2UM7OCAE6OMK8CA6G7PALCA16C2GFCAFUFW7PCA1HMBLNCA93LRRW not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\F8LMCAR865JQCADA07UXCACH1FUQCAURUP6NCA5QDTDDCA6Q934ACAI3UGL1CADIZBO2CAX5TV7BCAPPZKMFCAY6I30KCAVN119ICAM078F5CAVT18XWCAP62TQJCA4X9HZPCALV4YW1CAA3DT7WCA84JA7S not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\FMCWCA2IMLLACAQ5F8N9CASPOMCHCAZZMN81CA1BM89OCA1JW8QECAIHUMUNCAQ98CA1CA07YPG1CAT3MEFECAIWYEBRCAYS02QLCAYN6LW2CAI63X9WCAR46GFUCAMJTAROCAM01MFVCASSKAYOCAX0IHVB not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\FMHXCA2AVNZACAJM2AK7CAQ24X99CAKPWEH5CAYVW3VPCAGPF56ZCAQHYPDECA8R5WLUCAWJHPRYCABPDD7JCAQF5DTPCACZK0F7CASQOUVGCA4COV7OCAHP2AKFCAP59DYUCATJ2U0CCA38V9ASCAPPL9AR not found!
     
  18. drwizgeek

    drwizgeek TS Rookie Topic Starter Posts: 86

    OTL-Fix and Security-Check logs (Part 2)

    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\GR1ACAYZW6V8CAI76W8ICAA7ATHDCA0XXYQCCAJSOX4JCA440PUFCAH6N9WTCAH66RJHCAM5MVQVCAJXDBZZCA1SGIE7CAQDNZU0CARL13N5CAO3LD6MCA21HK8JCAHXAFWHCATE1Z92CARK2RKNCABNGF7I not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\H1MACA8SD3QWCAYFBE90CAMRLKLQCALK64JICAAVN0HOCADWESFKCA12CV14CA3Z364ICAAWDSD7CAGVGMW9CAHSVUBBCAKO3M8VCA5RDHWSCAM4ZBVDCAH5QC5WCAZQJ3UOCAD35KAECAK8Z56WCALN2CYW not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\H4UVCAGHUGI2CABYPWE2CAV3FBT1CATLLLTWCADLAPQNCA9I33S2CALIPFIFCAER500ICAVH2SXUCAICMXHLCATDA4C9CA0LFBDCCAX8INEGCATEQBUQCA16V0P7CA1YM87OCA2F20JZCAFC1ER5CAZTPTYG not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\HKKWCAM3VPVYCAKYFL70CAWWT84TCAOOO67LCAKO7X35CA16UVFSCA85FATECABE16CBCADZYYS3CAWZQPUICA4F7A50CA32L83JCAUP0ND8CAFMW0BZCA0CZB4RCAIKBPGBCALRHISCCAN3DAG2CA9A0ZJB not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\HUDECAV5CAPRCA51ZNW5CAA3L02KCAXTVP5PCA2MWUKMCAU7PQOOCAQD3B8KCA5F7QLQCA2N1ZPICA8MORI2CAA5OSO6CA9GP34PCAOKWH49CA3MGRPTCAACR1ONCATPIOH8CA5TWMFYCAZG1WZ9CAW3JSKS not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\I7PSCAHIIL6YCAXFIHEACAF3EDEDCA4ZLNCACAJZDGZICAXEW0PCCAZAZ3WGCALK2JKYCADX3M1LCAUMCHLXCAREQB1UCAHDSIS1CALL9G5XCA54ACO7CARK2H46CASJONDRCA7A69GJCA5NZZ3ECASR8GLC not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\INQECA8NNK48CABHWWGBCALE5554CAWQJ35YCAM18V1LCA57ZQGOCAON7VJSCAXUPPSVCAM622NCCAOPG6U7CAXCKUSVCAFSDSDQCAI0BMLFCAY6GUOQCA1TQ2BUCA2O0A0ICAFM4AT0CAOJKDG1CAAZ4AE0 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\IWN6CAIV9FQJCAJFZGVZCA12G5B8CAE0CSHKCAQRORAWCA07XZDICA88IH66CA2TXD9BCAONRA17CA2R6DKRCA00J2KLCAXTEWFCCAGHJ0D6CA8P4X3NCA6CRJ8NCAQ34QKXCAQ30NC4CAS0ZEFGCAZQH6QF not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\IY3KCAMKBJWOCAZ12CZACAXLIV5DCAV37OCICAZ74PWDCA8ZSM9HCAR2MA2ZCADIETA5CADOVTYDCA6ZP5CSCAKR5S5WCAJ4WJ7ICACIBLMWCAWFE6Y3CA0O2O6SCAKVMMFSCA042V9RCA5EF0QLCAI8SV3O not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\J0QACAEKDLRGCA15DTP9CAIEAQVRCAP4XY3ZCA4LLZQ3CAUTGMQ1CAS6CFNCCAJ2S4EWCAKYRVICCAMMLV9PCAJQZS81CAGUGWKPCALLI54NCAPOW5J2CA69CQ9JCANX8G68CAZNXNT0CAEBF2SUCATROJD2 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\JGL7CA0YVE5MCA0A3BLOCA1WP9YFCAVSARKCCAH4J2CVCA14W2JZCA32RS8TCA5PLUJDCAIMPL19CAJOJI0KCAL8E8DFCAI77O03CAXB69M8CATQL4DSCAXYKDYVCA0K75O5CATIOIOACA5FZF90CAZ6JVJN not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\JKN3CALRZP4ICA3A42OBCANVZB5YCACGBWI3CAV4WG9TCA1J9H7YCASWFTKGCANBRZS3CAS1USEHCAAEWTIKCA7L98GMCA6EGZJLCAONJ4DBCA4U5C3YCAQSDSI3CAXXK06XCAT2LLMZCAR0T4SCCAFRS0N9 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\JMEWCAC07NBWCALXAZEPCA8OKE4DCAYF65NFCAWZ8GBHCA11C2T2CAU3BENOCAXTFXZFCAUMXURFCAE9NQUZCARRPIDECACZXSIPCA4IVZ5OCA832JV5CAR85F6LCA2806OCCA15METMCAUTLQ77CA00CJN9 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\K0GACADCKISRCATJ0N6DCAS6VD7DCAX0QAYMCA3NOBHZCAWNRQIDCA2JQTBTCA777YY0CA4AK82RCA9J98KXCADJO6J1CAKK0PY8CAE4T0KOCAFEPS7OCATAC5CZCAD959ZSCA2HSKO8CADVH77UCAQID1MU not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\K6NHCAGR9GY8CAY1K388CACZ3WFLCASOJ9C3CA53T2V2CADOQ0OVCADJM6EDCAT4DOH2CAP9JKK6CAU0EG56CAUD2EQZCAM3UA8OCA8O5AZLCAZ992JMCA4WUTWMCAF4M0L3CA4DJ0XBCAMBXNCBCA2OUXXX not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\K8JWCAUU6PTDCAT3NQO7CAXDMLWLCAT4M4U3CALFO2FACA7X2M07CAD31SGXCAXQVUKWCAUE4AYVCAKKYZCICAKXRUZJCA6WOSIDCAWM4TA8CA13PLFQCAQIQ3Y5CA4FH731CAG3DS2RCAUN2GXICAJE0Y5Q not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\K910CAWDL7M3CAO91YIBCAG6U4HECAXHA3SICAIQP4XUCADS7N1GCAFVATAUCA3H1QLLCAM270UECAOIPHSCCAWY9ZOCCA27AU1HCA49N9I9CA34HQLACAC8HWO3CA8Q2OZXCAU5EO2JCA9NGQN9CAJTQ04Z not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\KIAHCAUL2W5ACA4JT2YNCAXLP2H0CALTIAT4CAMRBICBCA160GNDCAHB2P8QCAK40K2CCAHV1HS3CAUKOLKDCASHJI8PCAZQ3KEGCAILCQ84CA1HAGPICAJGN80DCALLDDW6CA7V0PQYCAQYGYH5CAQ61IVX not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\L1YZCAC7UENTCANFJEOCCAG2OY78CA1N5POCCA5E8LCMCA1FXB0WCA39FAIQCAYIOTZ1CA8MGNU2CATVWNK7CA89T5ADCA0NIS9XCAMG3NK2CA53IWPNCAJYU92TCAFDRETUCATXJP54CACCGUQ2CAD33HT1 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\M2KWCA3G57Z9CACFUKUDCABCFYM1CA0C7QGVCA43RXCHCA1DRWE5CAFRHPEZCA6CLM34CA584ZD0CA2YGLU5CAQUCZ6GCA7A7GNICA0K4LWKCAMZ45RGCABS7G4UCAMOQQZJCABUHH2ZCARADNOKCAZIKZT3 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\MFX0CAYXU3XVCA0EFPOXCAKAGARUCATILSI6CAB8BNXPCA4F8HVECAR8PG2YCASCYSOYCAYAD3NECASDECARCAKHBVNKCA037W8ECA1EI4B6CAG8F2L1CA8DJCRXCARN9E1WCA9JNLQVCASTSHMKCASCRTZ0 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\MJCHCAFE0IIJCA0HM1WYCAEXV56JCACT5QVBCALFHY92CAMNFB04CAZF2DAZCAMOZ44ECAHWGHK4CASFQ747CAIYGWT0CAB3RINXCAFY93SYCA6JVEPKCAEROTGICADF41RUCA6Q2OYHCANXUY1SCAA1B6KK not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\MN3OCA4OV2KJCA2D1ZNZCAA4AQRFCAQ7OTX3CALX575MCAZDVPXKCAS0JWHYCAJQMYRSCAR4ED8ZCAIYFP1RCAI0DLBHCAGIMCIXCARSRA28CAYVSVP7CARS0N6MCAN02XD0CA3GA1HQCAEL6X2SCAIVOC51 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\N9VCCAIF58GMCA2JKZMDCAVPVW6ZCAFYIU6GCAS3DXVQCA4LB6CTCAOMUMO7CA3ZMFXXCA39ECR3CAB2ICELCAES3SE7CASNTLSRCA3F0LJWCAX2SLAICATJDEVCCA6GWDWLCA5D0OQGCA2ALQTCCAG7CBHZ not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\O5M7CAOPLQHUCACHDLNXCASG2WVJCAMAMKN5CA8AGDLICAXAT3NECAISFNQECAPOIZCYCATZVKMRCAH35I24CAFVO6XBCACF8K73CA8VZMCKCA0BZ4ONCA3JO77GCAY8FBLTCAVHYP5OCA7TLXIUCAJSGWDI not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\O81FCASLOEAMCA76DFDTCAVTT9F3CA1APDENCACL2ISFCAK1GJF6CAPCVXDOCA9V65CVCAVA6Y90CA2SX2ZNCAF1BC6NCAXV3P5ACAR2NBT2CA8XMWAQCAVRZV5XCAW847J4CAIKPA0VCAAVQMNLCAHYMTFN not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\OECRCARW4X4CCA3KP4LGCAED96ECCA5NKTQDCAC9J3Q5CAXWU2V1CADY6EY2CA4G11B6CAP1BP5UCAT8NFKPCAR8SAZTCAQA2AXCCAEIW4SICA193TSJCAE8P9KXCANWLFHBCAOR07Y1CAPXVBGNCAPQ6B0T not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\OES2CA5RP3ELCARSOW49CA662FWMCA0B9Z8ICA003TFNCAQD44HTCANSAVBGCALRFBCDCASL0XWPCAEZAMWSCAPY1PMDCAQ080YKCAOUZJGCCAGGL4DWCASWDJM7CARUO5UMCA324RZKCA4KGL44CAZE22U6 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\OGJRCA33LWQ0CABJUR0GCAOKBAE6CAQS7SCPCA2ZOZZCCAE3JK0ZCAJP395MCA24OXGZCA6YEJQ6CARPWYJRCAJHPUDACASE1IJCCA9IRJOECAK65NJCCAP5HZN5CAOJUH63CAKP915RCAYU1MSRCATB8NT4 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\OPEGCABLL6O9CADXRJ0CCAOLUR2ICAMKQ0JECASTFQ78CAV9WT5SCA8SBCLRCA1K273PCAHEZ4YLCA4J2MYKCAMN7FO2CAZNIR7KCA9F6FTXCA5DFSFPCA7QQKPXCANTQYTBCAEB06HECAEZ1K4JCAL4TEAL not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\OQ7QCAUU6CL8CA7D444RCA4BAT6JCAQ8ONORCARAI985CA2FZ4R4CAEO0XOICA7NSPD9CA2A7NZHCA9DYBZICAUWUTXDCAMTD8XDCA0ZFY46CAWZ2M1WCACK5ZR0CAWJEY9VCACZDEZ5CAE5SFSBCAHF0AM2 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\OQO1CAI8PPTACAT0VYXCCAXF6ZO8CAPQQ6KDCA9HJRS3CA6ZIFXQCA30NQ0YCAHR19U0CAJGMYZKCAQJ4V3HCAWIVT6YCA64O7BHCAWCLPB5CAY62987CAP4NOH1CAQKQ3D3CASPTYGNCAWHVSGMCATMMC91 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\OWZHCAXPZ9WLCAW5QLJFCAOX6Z7NCAZAXUIACASRIAK6CA3ICJO5CA00Y7KZCAX49KK9CA63OQIRCAZT8WDTCAY09FKUCAHMJATFCABKGGPICAF7G67ZCAPMGAJYCADWEXT7CAF6VBENCAR08YYWCASMHGFM not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\P0WUCASLQ23RCAMT904DCANDZ86VCA50QQ6JCAXYYJU7CA2RUDS8CAXY3A55CAN533FSCAYL8GIKCA6G24ZQCAGS69FFCARDBE09CAL6JW64CASDLGBKCA9S8Y0PCAAGE0CPCA9544UYCARJL7C6CAQ19L0K not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\P23RCA2IIEJQCAOPOJZ2CAO6JC7ACAME35K7CA7592LVCA2EKPFGCA1ZJF3BCAPQUATICA8EO6RLCA4L1RAJCAKFO9SVCABLYOPSCAJCA9BKCA00BT0UCADQQIF5CA8KIRPXCAU21UFECA7FG236CAZ0Y49D not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\PP2ECA029KVHCAJH9ZJCCA8QCDZ2CAT13OJACAXIFSCRCA3415RGCAFSZOEICAG00XKZCACMP3OTCA4WDN30CANJBB31CAQGYFS4CAMRWY84CAD83ZNECAC25KNZCACGUU2KCA1PA6KSCAFS077ICADGIJK4 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\Q8RTCA09YFJXCA1Q7RZLCAUOOPDNCA3O5TYGCAMXMSC7CAU50THJCAZ5MXAJCAFR9171CAJFPU9QCAOBV271CAGWZZOECAM1ZUG6CARC2OQYCAJ2IC2QCANZ66OXCAYU559ZCA2EIF8OCA8ZSG4HCA9PMWTN not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\QR4VCAKBIERECAT34SERCA97PEV1CA60AT24CAZMW3F6CA1MLB0RCA1QRPTSCAX8EDYCCA37E442CAHW7TTZCAL4TN63CAG4CJ62CA7YFDFBCAEFUPD5CAPDKEW0CA5L4V02CATV3EWACAJCUYVICAPJF4MP not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\QTNNCALQI1SICAQ3M0BHCAO2EX7KCABXF1CZCAZOEKTGCA2WOWCLCANTT2ZGCALBBC4RCA03LN2HCANOBI39CA0LH11SCAULMQOSCAFWWZV5CANKLVFQCALP7B4DCAOT8M13CAS64KFHCAFWW73ICA6FNSVS not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\R30QCA670WIWCAP1SOKXCAKM9JTUCAKY8SU1CAP7H6SACAOMPHVRCACB09ZPCAV2A3VTCAJDK71TCAQ74W4TCA4O58SGCACK14HBCAPGC8ZKCAGNTBDICA02YV1ZCASL2BJ9CAP0NKJMCAY3J6K2CACY3D7I not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\R7SOCA33XFJWCAWH93PSCAUCNFAYCAGYOQYUCA5YFATACA7DZ27JCARBX9GZCAG9WPJ0CAFOUG4PCAK0W0NQCAO4LMQICA87G58YCAC2LH5ACAL3DCD3CARHRDC7CAQZ1YJYCAMI3RIFCA2NT8EMCAPMINL3 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\RB7PCAAKOL1ZCA9V76F6CA5OJD51CAD7DWQJCA2MI4X0CA5DUIQUCAHGGNTHCA85HKS2CAC3LDWHCATT1D76CASJ386HCA482UDGCARS56RNCAGVIAS1CAAJ97LRCAY2ZBS5CA9JKVHFCAWXCF8TCA797VMP not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\RM6PCA5QO4LICA14WMIRCAYBZ4D6CAFLK2WSCA7SDGC4CAVO9J5OCAG16GL1CATFMNBWCA30QMIXCA2RFS0HCAQHLMYTCASCBHYTCA48SH76CA4I6527CAW5CTDBCAL3YA0ECA18EULRCAFRFEG4CAX02M8R not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\S1HLCA98FM0HCA2BHEN1CA0QKW53CARJ4HUSCAC9RFEJCADH84ITCAZWAYGFCATVCE21CA40SK4RCAKVTKZWCAKO19KRCATN1SM9CAQTIONDCAQP36Q4CAV1W11DCAF1JZXBCAXLTTZWCAAX7X7CCAYKSPEF not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\S264CA27PLZ7CAB8VPTZCAE9FJN1CAA6K5G4CA68VNFECAE3UZ2LCAOTZAAKCAVE31ERCASGDRQTCA7D8S2KCAZHKERTCAZA5BCKCA6QPSN2CAWZIGQVCAW9HNICCAKYAD4LCABMYP7ICAG7NLMACAZUZPE2 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\S7VVCARXJAN1CAXMIFI2CAKE8CBICAXVUF4WCA48V8JYCAP23I3ECAFOAOWICASKSJQDCAPXEVPWCAGSAFJDCA8NGB0OCACS77PUCATZIL2ZCAG0CSPOCAF3YEKHCABBM2JBCA9ZL2FQCAOHC4E2CAOJ3OXE not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\SF5ACAYMB0BECAURM5YVCAOOIS6WCAU2SZ6ECAF46A11CAAW76HLCAOW6PG6CAL3SXPTCAZE66YSCAZ8ZRH6CANWY268CARA1V4ICA961LKSCAT5HJFNCAR6B1JJCA3ESZ40CAOTQ72BCAV1XOPACAFWCTDN not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\SLTYCAL82C1UCAR7OHLACA1CS0M8CA3N2ZEXCAFH75AVCAJ9ONOKCAX1TRGJCARQOZI9CAGHKE38CA6VPZ9HCAE7SI1CCASDY6SPCAQXCQ7LCAOZ4AFZCAYGVAZ3CAZ6YDWECAF85W4XCAW98U3OCA4HVCXY not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\SZSZCA53RNKVCA0SZH3FCANMBBMECAUC3NG6CAYULCFECAWOX6KLCARAG8YMCA9YVPDMCAQYTAMACA6A76EACARB7OZICA7ECPB0CAOPH6YTCA95L0WDCA7E9QSZCA6X3AZRCAFFAXHSCAM4H39DCABUB0SX not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\T1IGCAI1CV37CAZZB1I5CAZTQVKMCA9097JHCATIN0ZUCATWJM2KCAMP8FIPCAFYQR11CA9DBAONCAZ4OJ82CASM7XCZCAVLQVR1CAFHOBD9CACEL8HNCAU2R7R0CA5WCPI9CAQGBMKXCAM4HYD7CANAM18B not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\T2H6CAL3PZETCA5HH9M7CAJORRHUCAY5UFAXCA9NUYKRCA2U8MZ1CARXESL8CAE8H8BWCAYKJYNDCA5MNJ3QCAPSO5X1CAB92YNPCA0LQ0ZICAH8F1OICA2STO3RCA5LEIC4CAM2YJKOCA8MY204CAO24RX4 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\T613CAIDNNS6CAHNTEFJCAZTLC1PCANDHTRCCADYOH84CA4V1WUPCA9HEVOMCA6Y59DVCAPJ1YZ8CASR1D3MCAPEGJE2CA4VFXQICA3CSL0HCA61FO9ZCAM4EKJMCAMRPV78CAQ3C6CDCALGBYHOCAHY1ZJ4 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\TSN4CAYI1NOFCASSAZ05CA8O7A6JCAOL3T4DCARQ3BRHCA7ZVU3ZCAWBRAINCAPJ3UTTCAX2JFDTCAPO6IKSCAS3OD8OCAGJWLMGCA3I9P0HCA1JEL0TCAY23RRICA2XPL9ECA9RC5PECA2OT7SQCA239X7V not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\TSPXCABIQYG6CA7CLXOZCA0MPT43CA0GAMHHCA1Q2H22CARGJYZ4CAFTGCLTCAGF10AKCA9GQB9TCABIKGO3CAUVMX4YCA0XE1W6CA78X7QJCAMLEFC4CA3TXD1WCAE15MZECAPF00C2CA36S5ZNCADIAQCE not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\TZMQCALR6NPTCASRVJXACA0QFZAKCAFBP7JRCA1Y4MU6CAKOCV2PCALJBPTPCAWPO3OQCAQ10JNPCAI6X4TJCAWI1MKTCATVDLHZCAEWCEWTCA0146G8CA5B7917CALZ8FZECAGQ1O4GCAE2GQ8NCAT00LW6 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\UA7QCAGH2SN5CAG26X0SCAV4HEXYCA6EDAEPCASB4FJUCAS8GIEMCALQCDLYCARWSW38CAF7M4QGCA86G0W5CARM0717CAHXR0XNCAR6DYW1CAHYDJFHCAK94Q8KCAJ4KOM1CAJ9NHQ0CA6JLVQBCAI398HV not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\UGY2CAKZO3PMCA5AM8Z3CAC594JCCA6A7KAFCAM14A10CA5CPGBOCAVS09GXCAINZ6L2CA5BYK2ECA4HUKN7CA9CQF8ZCANAPAEDCAWZHYRXCA7RCGUOCA17721YCA25FH3ZCAJ3DH4GCAH2V2V2CA0JCQ6P not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\V3H4CAR0IXZJCAAQ28KZCAP58ZS5CA1UJALQCA5SMNF8CANVWNTLCAFI6H14CAZYF6VPCAIUZLM8CA5QR4IRCAZRXDPRCAVR9TYQCART2LJYCAZO0H7FCAXFJXPICAS7MD2ZCA5CI7C5CAAZ979CCAXK11W4 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\VADICA62KJ6VCACYE54FCAA8XV04CATW2OQFCA42B1HDCATAUPWUCAVSHZLLCAZB0YBVCAYF0GNVCAXVQ7IDCAYKGNX0CAW2AY1ICAYPFRW6CAU7UU1MCABIN7VBCANVOS68CAIIPRQ6CA97ED21CAV5KC10 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\VFI2CAVITT9ACAT3J10LCA2V1XLMCA40853VCAW8SNJ6CAMOXS54CAYKNXPXCAEJV7ZVCAMVAJ2WCAMUBFRWCABAFYYGCAWW2UVKCAJVK8F6CAYLIIXKCAVCXXKZCAUK7GH3CAJ1WDOACAD1XFEBCAS6LJ78 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\VP5TCALIFNT2CAOTIOMNCA5JR5ZGCAL17FKICA73FLFMCASB2RUMCAPD1AIOCA4D318JCAA84G2PCANJW19FCA4VX696CAOHDL3TCADW2IHOCA6MSNLMCAYIDDGFCAKQK23ZCA9W70IQCAFPBCWFCANZJXQD not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\WA65CA03TU2BCAT6SB26CAL732JJCA02Y229CA979FAOCACQ98P2CAICPMVUCAUHSCOZCA587IT7CAQRXF6GCAX8QZMKCA01P1W4CAGD2SMQCA44HL09CASC0ZM3CAEHYH4OCAK0RGIACAR6DO4JCA4M3SB7 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\WAN6CAZM3HT5CAGJD51ACAR9OM9WCA7E46I5CABN3Y22CATO92MLCAJ46W69CAJGEZECCALM1W47CAV2V2VICA5TQ66TCACKZ7HVCAPSKJ24CAMVABFECAR9KQ6ECA2777C7CANE84YWCABHGUU3CAV3ZT1I not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\WVAZCA5XO9DKCAGPMPKXCANPZFZXCAT3F4RACAWDLZB5CAYPC3H3CA807NZKCASF9R31CAYVBOT1CARQ13XWCAKYF2MHCADONAB4CA3BX7DVCAMA5PWYCAE0XRQGCAPV2R1FCA3LTSTYCA3YG607CAL09L03 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\WVYMCALDK1RRCA3H19S4CALG5L0UCAXKTXP9CAEZPZSNCAVW497QCAFOSL46CASP8WCOCAFIJ5W5CA2AC5R5CA5UZ2W4CA05O2ZWCAG3FS10CABU0LUJCALICXCPCA08YRCUCA64EC9WCAR7YP6CCADQ9T45 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\X7Z5CANW7BA2CAL3UZOBCAEHMAQBCAATUR9RCAYCA7K2CATG9UQGCA4IB1V5CAP3PBJNCA1Y5D4FCAO5DQQUCA2ISGWZCA5K5FJCCASLJ0S5CA0T1EJKCACM3V4CCAFAJGH3CAPWJHZ0CADF39YGCAHJPWZ1 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\XCSXCAF0ZBJ1CA00T6QKCA6SGE2PCAIQSZ2YCA5OZQDDCAL6AK9ICA1G25SXCA2NTV0GCAKT0BPKCA5GQZ10CAJQI85XCAZFC12CCAFD2ILWCA5SDQLACAWJVS54CAIHF8DNCAUAFNB4CAY6476RCAA4LEUU not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\XG9KCA7G5ZGNCA98HNQ6CA0BVW1PCACN7H63CAWJFYL1CABACZV2CAVV73WICAIEFITSCAK9KFL7CAZV74N5CAALXI74CAWZY1LNCACR7LG7CA87W4BUCAVORCUZCAYV2IOVCA1OQXC1CALKC48UCA2JZ2QD not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\XKTMCA1EBECXCAI81KT2CAPUXZ0GCAWLD6M4CAPFN25CCACS6L4DCA1IOV6SCAW9U6MBCAIBQQ5BCA62AE4MCAWOALAFCA1C0PF2CAAUVWYGCAGR89KVCA26YJXCCABJ5PEWCAR6KEBNCAJVXFB9CAKFVJ1V not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\Y00ICATDB07VCAO1GG33CA93MUJFCAX30CMZCAEKE85KCA47RV90CAZVPQM6CAR9NM31CAE9V3N2CA6GFK4JCAAEDH9ACAV7OK1DCACDVB4DCA8R4BWFCA57FAFPCA8OHOPICAHYTUWUCASFUSOJCAKB5MV7 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\YF2JCAGJYDFXCAC12A99CA9A9J9JCATSWH21CA2A942BCA4FANHECAKIUSJ0CAZEJ1IUCAL9343UCAQ8BZ3JCA3GELMOCAHVL24VCAY2SD09CAH7R4WNCAQNBK0YCADTMO2KCAH4WA67CAZ0W793CA3B66UA not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\YGWSCA8A4J62CAECSVRGCALAUXVZCAUNKJ85CAV9Y4A2CAVPH4RZCAELZ52MCAP23AY9CAUBW6YTCATN5FUQCAKS8ED3CAKVZCFPCAUWAIJ1CADTMW07CA5NK9UDCA9DS86NCAGBUJL6CAOIZNDLCATD9SAO not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\YJ9OCAVMWT8DCAG2D5XKCA33QORJCAGV2R3CCAFQMG1KCAIEO7EOCA460NKOCAV1XQFNCABJQFSOCAFC1XAJCAH6AI3YCARFSKKGCA5Y8HSVCAXFNJCACANCYSKHCAJ4ONKTCAZW2XFACA3B0U3LCA95BGJ0 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\YS1WCAGKXCVRCAJ6JLEPCAS9YJHECA85SE92CAUQ36B5CAK3MZZXCAFU9ILZCAJQUFV2CA6MGIU2CAM7I610CADUFFR5CAX567JICAM0ZQT3CAPJFXGNCA1YBD2JCA5Y90U5CA66Y28TCA6TQF8FCAYUWD20 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\YWWUCA5Z2YK7CAYWB85KCAIKPR3WCASLJI07CA7XUU40CATS3DOACA3BME4MCA7BMNKUCAH6O332CA2S6OG9CA2JSMXBCAQ0DLOZCA7T3FRMCAQNX0BPCAP3673RCA066NW7CAXU347DCAPLSXTWCALH9ITF not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\Z4N7CAEA2FARCAEO6VDACAN6B2K9CAAR7MA0CAT2SCZKCAKW0I7XCAH2J6I3CAGSWO6XCAVMHRG3CAJM02VGCA3ECCUXCAKABK2DCAGB055ACA4T06VYCAWZ92P6CABDVMOKCA1A6PI1CAHAAVETCANY7LWT not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\ZP4JCADLI7IDCA203UXSCAK0CS2DCA5TZUVOCAJA4WE9CAAQGCW2CAI259LWCABY1IBZCAYCQOSJCAEW0QL6CA213DM6CAK6ES3JCAFE07HLCA1ICDBICA4312Z2CA1XF1YPCA4FM2DSCA1S3GBGCATVQXKN not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\3HH0DQS9\ZXNKCACSMQ4JCAGIJ0BACAM8PF4QCA2BS4HHCARZ0JD7CAT98M6ECAM6QQVNCA0RYL83CA73K8ZUCAP9STTVCAQ7ZS6PCAIFENNBCAPBCC5QCAGXT5NFCAQUBUQSCA15U9CZCAPMHL3SCAMUSFUCCAVQOG8D not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\04H5CADRPC0XCA0CPLEFCA2GYE54CAG0RWBOCAYURZI2CAO22DTMCA42UDMUCA2QRENCCADRN1M9CA9NXZ8BCAVC50VHCA686EBBCAMDGNP9CAEMGX9MCA9NI5IXCABZ8TJKCAT38222CAWXYFS6CAFQLZJY not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\0L7WCAQ52P7LCACKZLX1CAIMZ2P8CASV6EP5CAY3G20XCANLRM1TCAX0CRSJCAN94UK4CAXOW67ICA72TIMDCALG82R7CACK2B1OCAAVKQS0CAA3T1TOCAI66ROHCAFQO08BCACEG5YJCA9SDXK5CATHH56G not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\0S53CARNLCN8CAEK4MT5CA15UKYXCAKSUB1XCABO0FKUCAW9TDRPCAJH70G4CAAUZXYRCA0T3TE2CAYVGN62CAE499TTCACUDWKECALT4JCSCA8HQVKQCA0J005RCAVZD2JMCARPM917CAY9OC11CANPKDBK not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\1A5LCAVJ3EQLCALUB4RFCAH4EA2TCA3ZMV0MCAUFCPN3CA2OBY9QCAJEIJSVCAULOM6JCA4OHRC5CAG84V9NCASAWCGRCAACGAPJCAO2A6GMCAD70MPTCA2I8HVBCA9FS47ECA0YP1L3CAW1K9NTCAKO8V4F not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\1NG8CAJDIJFECAQ8PKVECAQK48MECA9C92NPCAWPE9U6CAXVPDIRCAKRL7JLCAFM4LKHCAGXF3X6CATI7SYPCA8FR4WNCA8YGJ2TCA9OPGL4CAWTZ4QTCANSNGTACAIU1PBICARAMM38CANK1LQTCAFUV6KU not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\2390CAN3NHZTCAUODKBCCACFDECNCAUXJL0FCAY7NIFHCAMC92XZCA94IIVDCA1MQAT9CAVOYR8TCAO7DQHKCAFH1JWOCAFIHSZXCAQAOT1CCA6OXWBNCAZ3NVIGCAYNFMJ8CADGHK6ACASWGYJ0CAZC6N8P not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\2HF9CA0XUCUKCAV9RL6UCA3DL7M4CAVBB9MBCA3C6XUQCALCNKRJCA82XBX8CA2Z29X3CALD2ND7CAEUPEKLCAXRRK7LCAQEX0MSCAA3YE5DCAD5A8E2CA7B49HGCA8GA37VCA0OYBOLCA7NO6BQCA05N83M not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\2T1LCAUCTBM9CANW00SSCA6XG0RECABKQR4BCAEYCQUVCAHYZ03RCA9F20KQCAGPTWZLCAQ80FH5CAJVK9L1CA605P3MCAJBGJSICA2AFMK9CADLXZ76CAV14938CABHGZ5MCAZ00R1BCA9KDUG7CAGZZMSX not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\2U6HCA0GT4INCAQWW80ACAIW40OICAWQGBFJCAI1BSHDCAVGS221CA36M0LSCAAQEFKACADSKT7OCASUBZZ4CAWQUE2YCA2ZN4NXCAMWKET2CAPHHICECA5EZKHECAZB13FTCAFX0AXKCAC53BIXCA9I0Z6E not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\2U97CABB13EFCAGJ833LCAUA6VEUCAUBAP3BCAZ8T9F0CA13GPJICAXVN3TJCAP5CMGZCA9T89NTCAXL8NLZCAMZWLHDCAIBTA6UCATZMXCTCAYLEI1BCAJ7CC6PCA3EWOFKCAA3M7RDCAVWT7DXCAOIZ287 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\3FDNCAXL8FYACAR2GSFQCAY90U9SCA4VFX3HCARJ90LOCAYPTCN1CAEP6C1HCA7TQ6LECAQ0HM7HCA61LUKDCA9XUPF7CAJF65WJCA7RP478CA00COWLCATVBGJTCA976U9RCAFNQXR0CAAOP7ODCA73AQB7 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\3HQLCAPGUQW8CAS8BU8ECAKC1AI7CAE29OGICAOSFFQMCAVHG7AVCAJ19UXSCA9GRFHRCASUHPJJCAYMCGO8CAYFIJ2MCAB5C4R4CA2P64MACASA1I01CA3URORZCACR4R9KCAKZ25GSCA15ZGJXCAIO19GI not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\49GOCAXKYKHBCAI2UVVRCACSU7YCCAPWKTRRCAX9P7H4CAQRSQCTCACGZLPZCA727AX2CAUBFINYCAG1136TCAJK9UL4CA2JDYV4CA7FSB35CAT257MQCAFR7J0UCASRNULJCAUGILUOCAYVB704CA6JG5E1 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\4VM0CAD2DOAQCAGWXLHLCA15T3GACAY11QP9CAOMBX0ACAGYA5QSCA48XP5ICA1O4G5FCARUOU59CAB93KL8CAEF0KPLCA6DA7G1CAN2ZXRJCAPB3R5ICAEAR4Z5CAQBCAKJCABL33MCCA0W4161CAQJR2HA not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\5TE6CAN4AE3ZCAAMYQXGCA7CCEJ7CA3W8U2MCAZ2FOIHCA45OCBOCASO72YPCAVOXQZGCANU2733CAUQ9FH8CAYBC0MYCA06EXMMCAJ1Y99ZCA0TY7FHCACIKM69CA1KA2BJCAA3XF8OCAK1ERGACAYLMV93 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\5VSCCAU6RQ3BCATWTMXDCADTLSWLCA915XOQCAH6KX4UCANVD3TACAHUAZCDCAFOQ201CA02ZEZBCAH0XJPKCAJ9XRFKCA6E32DSCAQQR30PCAZ7KOQ2CAQWNU0RCAHH5ZH2CA7I3I4VCA3MTDKLCA1ZMR6U not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\6FP5CAR2M1CECA5D8BZOCA5EQX67CAF3LV8PCABON3NRCA7TRZI7CA8O9MGGCA4PHFTRCAGCEJWUCA2J64EBCATZAVRSCAD6AY1QCAED8K09CAPCPV9YCAJ6OD0TCAR5BV6TCA35VOXDCAZMKC0HCAWD1TM0 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\6NCNCA4O9PELCA3LRNUMCAFSR0EACAM80GU5CA65VR94CAG47Q9SCANBRPMWCAYGU3SUCA6SISRWCA5LKK50CAIWCLC2CAKBP8F7CARRTP7UCAAQ8URSCAOZONV9CA0514VMCAI2XTJPCAH7O3FVCA0C48Y8 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\7JX6CAXNATGPCA1QEUHUCA11OQVDCAN72YZTCAG9DM3ZCAQMZ27SCAAU424YCASTXYPLCAJP21LRCAKJ2XQSCAS6G8H8CAEYUJ9ACAJUT2DLCA0OET39CAHU956NCAQ3D8DMCALW0CZLCAL7TIXFCAVLFTDP not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\9ZSCCAEUHYRJCAVM0FLLCARF7O3XCAJCEVQFCAD3T6VDCARRVTMRCAAGP1WJCAIEJEOQCAUDMF2JCAFO6G7ECA931ESJCAZGIUC5CA9YG6FZCAIUAVSPCADAZCPTCAS5Y3LGCAEDJV79CACP5TDQCAMYEUA6 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\A4AZCAJD3AXUCA6O0RGZCA1FGYTECA504KAXCATFAQSMCAO74HLXCA4SNJCBCAC1V5SSCAIAN8ETCADTVK7ACAV44C9CCAVBTCFACA0UDXFWCAXGUWACCAAS9YD0CA7S49V8CAV0E3USCAAHB2CRCA1RDUBV not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\AJURCAFT2AV0CAI7WAJVCAPCJMKNCA7C9T0SCAYH00TGCAN0UFZPCAGYGV6OCAXP2JH3CAH7AFNHCA7230BYCAR35F2BCAW9AZ84CAL8TNO7CA0HJDJFCAQ6UZ5XCA1S8NJ3CAZMLQKTCA2BCH0RCA8QNK81 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\AOKBCAQIC609CAP1OPR3CAN0OL6OCAT83BRVCAIZB6HPCA9WBF52CABYSO7SCA6Q50CBCAVCYNTNCABD45ZQCA39YBJ2CA1W53J1CAVD5920CACXON4WCAZUAZT1CAL4VBZ2CA8ZVPFHCA3629IWCAJRWHH9 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\ATRDCAWJQ3FTCA58H0TTCAP2BPJHCAF0I7TYCA405AZYCAR9DY3FCARUA6QXCABT0DMOCARQKU1VCAPJ3VBYCAU5PIZTCAY1OJSOCAF0TB0ECA1DWIC2CA8K20BXCAIVM6O4CAHAIZVACAJOQNGQCAFZV8LO not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\BAL2CA5645DXCAHET2YBCAKBMN9NCAYXJH6XCAEY6H7ACAJFTKBLCAQU9H09CAFDPLNMCAPPWVYQCAY0W8QYCAAN23VPCA8AYWJ8CA56BNCBCAXEBNNLCAL6K3UYCADL35M5CAQ1R99FCAJAH6H1CA3HFMEU not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\BE3FCA8T6XAPCATEBZZJCA57R5USCA9M2VIXCAX9LDIRCADZFY73CAHR383RCAJERDJJCAYFRS95CACN24BZCA201YFZCAH4L3GPCA42E4IXCAXR6DTSCAF4G56ICAQ2EEKRCAZKVMA9CAEYYT0VCA9NCO1N not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\BKGXCA1E6V7VCA3FC2NTCAFPKKAPCAR451N4CA603W6DCAA621TCCA3Q55O7CAZA7EK5CAK1CMHBCA2LMFC6CAF6K1GZCA0QYZ1BCA1Y5BR8CAMJVKRBCACA98V6CAASLGJ5CA8FLUHNCASUC0QDCAF7ICHW not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\DRDYCAHIZOZUCA5T07IECA1NLA71CAVZOQWECANMGTVYCAYWHNRHCAL5R6OPCAQN7MPZCAYKDLZLCAEMR6AICA3YVVT9CAJMBCFBCA1GME2MCAQLO2HTCAK2JMFFCA9PJHHCCA0FPKT8CAVGN8U1CA4WSU0T not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\EEYLCALCZ7RNCA551BYTCA1AUIDNCAYCVCXYCAU7FTJBCAB540G7CAMPHAHCCAM6F461CAX5277LCAYGSK37CA1OZ58LCAR0KL6ACAFZ7SE5CAX9R263CA51NFBFCAYWOYMUCAUPCEQ9CAMWYP8NCAOM7XK8 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\F1EICAR8FUYMCAF4LBQQCASJ4V56CAWVM834CA50KU83CAV4OBKXCAMPD7OICAT4J1CVCAYDJDHGCAIIMHSWCAD0IYE4CAHV0JO1CA3BPQ75CAATXLYACAGWIN98CAUPLQHXCAB9639ECAXL2KV0CAN11B47 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\F1VQCAG3Y9GDCA3D58IACAXSGJPKCAJQ19GJCAK1FWZECALOO3YMCAM156DKCAVM1W4GCAIAYSJVCAOPFV2VCAPYG618CADJALR8CA8295XTCA1WCWKGCA0DSHPCCAGOPXAHCAZKZ6KYCA6ZF659CAWM9HB8 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\FX4ZCAL7GXVLCAWIZLQQCA0KJDT8CAW4RTN3CA6CYF71CATRU7F7CA02FW9CCAZB815VCAEW26EDCA3L0FQSCAREAIS0CA4B3IY2CA8IJFJ7CAOP7VFXCANSONT4CACUDCDGCARHNB7NCAA3SU8TCABOFBWL not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\FXGMCAURS4E0CAN5GD66CAA52FV1CAE78LIRCAPEAJIACA2NC2M2CAI5KKBOCAJ1ISXICAV7M192CANICS90CA07D4YCCADKDNDRCAA6ODPYCAN7OLUTCAOKQGAGCAE3002XCAK59XMPCAPSG68DCAIKEJM2 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\H6AJCA1OOS84CAI8UZ03CANWS255CA4DWD91CAPKV2OHCAT29OHBCAXO9ERACAY11Z18CAU1DWCMCAE3OJGUCA1SB4SECA96HRQXCAB077MKCARK1AAVCAV2H7JMCAP36IOQCA4JFK5HCA5RGA9HCAQV420R not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\HT4JCAEC910YCAWDV69BCAT6FUZNCAF58S6ZCA4IKYTTCA8EU8LJCA3IBXV3CAQGEP7PCAVNJL5XCA6C6ZVJCA9AUWMHCAYXSIGHCALJDEFVCA9WP5I3CATE7N8ICA35D5WBCA3WGXF1CAVTAL4UCAJ1HE3P not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\I53HCATOQYN6CAO00HJXCAF8ID1LCA3MTF7CCAE59WQUCA32QLQ8CA0UL48RCAWOV2N0CA555B6ICAQY17IVCA5ETBL2CAQ82ERFCAO23OE0CAVD0SZ1CA9M66HOCAJ8CGO3CAHR37XKCAKQ92ECCAHJ1TJ8 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\IGAHCAEY1QH9CAN168P0CABWFO7FCAFA2K2PCARVWI94CAV0V95ACAMDLEWPCAC15IZ0CAMPOX0ZCA9SEP30CAGUJZF4CAA36W60CAP66XOQCA9GOJJHCAJIG748CAK6WOMZCA74GR38CADLZV6HCARSPHCR not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\IHOFCAAM0P2OCA5FDGW8CA6S707YCACC0WMRCA0M2Q6LCAPJVGU4CAY80NS5CA62YZV0CACGWO2NCA1DU52ZCATMIAIFCAT6ZF80CACFCJDPCAMEEO3BCA8LA9HXCAV9ACFGCA10MZJHCA1F3W3RCA5DCQ21 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\IIQKCAF85F06CAUNLFE6CAIVVI9MCAZF6R2QCABQ0Y8HCA3SFB9JCA2E1XBCCAT5KXWDCAPGEBJQCAE79OZDCAIL80IHCALN1ONICA5TY122CAP5YZMBCAKII5FRCALNFTDKCAQA3D7RCAKCFSDHCAQEHOCR not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\IMCQCAJ7ZNEBCAG95AVSCAMPW0RXCA3OPQL2CAWBRZXHCA8B64M0CAC3FI9BCAGE2O84CA70SDARCA5GKE79CAQ3QPCOCA5319IVCAF34FDPCA0R7USACATUM1MLCAXTEQJ2CAO539OICA7J36TVCA31ZV9L not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\LLEJCA1C6253CAB2W2GCCAC9CSWGCAAFB4UXCA76TLCPCAE7I5IYCAMEACEACA812VEECA3122LTCAIX0U19CAN4W3BQCADL4XCKCANPQ3KECAVYFCOWCAK574TLCAK3FLYVCAWD8VM2CAGD72PFCA53V2QR not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\M2Z1CA31784NCADHO54QCAUW1Q3JCAQ92ZUFCABCZTW4CATELS2ECA8T52EICAFQ6Y3LCASLK8OKCA0LMDTNCANIGW3KCAG2047QCAC6JJ34CATN52OECAF4XC39CAATO8RSCAPTCY88CASWKA3DCASPBMGF not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\MG09CA8VREM2CABDSHQUCAHROG3CCA2TKG9OCAXOBQ3UCAWHWMS6CAAEYLSCCACU6IMVCAZERECTCA8QF593CAEPWRC2CAW9EAZ3CA1451EACABUS5F4CAIE1SA8CATG4PRDCAAISWG8CAYZIOPACA5JU5PP not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\MSZNCA6T4XP8CAB4L6LACAPMFT5JCA8KSV3MCA8I6IXVCA9ODG3SCA605E8KCAF9K21YCAHY5U5CCAXABDOACAEHV1P7CAQ02LIJCAHSXGK8CAV5UT88CAN4CA1PCA9J3JC1CAOIHD2PCA8M6E9ICAPBJFFJ not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\N5R2CALDN349CA7ICPWNCA225UWICALIZNLKCA9J933FCACBPBK5CA6J2ARYCARPVOXSCACNP9U5CA9H4DL3CA12SA2CCAPRXKDBCAKN0EOKCAZYY3GHCAGMWX4BCAIL9NV9CAMG9ILUCA82RI1OCA1AGAI9 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\NJ0QCA8TIBSDCAZOSCUICAEV536UCAALPZGUCABUTZRICANGLZNYCAS3J3A3CARIBJB7CAHHVGCUCA7JKNONCABCW1T4CAKB8O3OCA4LCOL0CAER0WPVCA0L74CUCAECLPK3CAQ29UWDCAV3YLDJCAPKHT7O not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\P7KLCAS2XZZKCA1BLATBCAD5GZWTCAOE60MCCAMJS94PCA5PSO44CA7VQM3CCA849L1PCACIQBB8CAC6K708CA26BD89CA9RCAW0CA39GMYNCAZPEEAHCAZ0QAP5CAQECZ7NCA7GOCBICAR3M1ARCARCGDNI not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\Q8TDCA9OD168CA0T5A71CANHRQ4ICABURCFPCAXANEZKCA06X3ODCAQGM345CAJN2CVXCAJVP728CAVZAYVYCAA8FX48CAPOBQ8MCATO55NNCAEHCYNKCANPPXUDCA26JNSBCAT0D2JBCA2YZDD4CAU39LEF not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\QNLXCA3RZO4LCAGWT5WLCA9YY8EDCA1NYMJFCAK7F5YTCAZIBOPTCA6HJML6CA4AOJWLCA4OYKKNCAJWS757CA61WWQ1CAKN03Z9CAE2MFKKCAG0DA0QCAKWQ67BCA6P896OCAX2U80OCA797KVVCA89HDB6 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\R9GECA883ZPYCA7D0OQ7CARZIRUPCA3ITYHICARPYHWDCAHG3HXHCASIG7PMCA03F3CUCA8RUUXOCAGX3EV0CACXXMORCAJCD0MXCAN2PLPICAWJOTGWCAPD3EY1CASR07POCA4UK9JYCA5KCNMDCALBM5RZ not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\S20BCA88Q0YFCAU8VUNPCA3MY2ZMCA4Q7G80CAC0LRVDCASD0P02CACV0S5TCAS63J6JCAUQLUIOCAEJX37JCAVHIRGHCAHLBJ9WCAUSCJF9CA5JESG2CA1C4H52CAVQVHCLCAT8K2TICA0UEZ8QCAKURPEH not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\T8ZCCAILJL3WCAFFZQ0ACA0B7W2ICAZK3MZTCA6SAR4QCA0RGTQLCAO41PLBCAX9AAQMCA288S1ICAMUFAJHCAP0F95ZCAT8I0LHCADO6JBSCAHR5WFUCA0M71MACAYP5OLPCAATGTJUCAPCFFA5CAIDDDP0 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\U1YJCAIHLNY8CAZRLH76CAYQBA0PCAJKEJ0BCATTI4MMCASGP95HCAF9ADJSCAZTA6IBCAC7RMA8CAZLA05NCAQSCX0CCA137TIMCAMW9ALDCABLE10LCA59YL1VCA9MZ4RICA7EX5E8CAOV8MI4CAMFQ3DN not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\V4QRCAYQNFZNCAALK97ECASCEKU9CA0L9NKRCA002PLWCARVO7YPCAEHMDEVCALHPMA9CAUV1YJGCAETWTN2CAABL286CAK0E1Q5CAKKI38SCATTGCDWCA0OO03OCACOA7S5CACB46A6CAVL3OFMCATL2J01 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\W2E7CAVBO2SFCA7ZL3FTCA6RHH4KCAWNO1CSCACMTAGWCA6OH83UCAP447O6CASZZZQ5CAP1Q8CLCARPTHRFCA5D9OYYCA5IQMTGCAX013P6CAFA2516CAONYLNECAJ4RTDJCA0I0KI8CA4W8481CAOEWXT3 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\XE0MCAHEHZTTCA3U9W9KCAXKSMMQCAT7SVEVCAM4HXPYCASD6I7RCAVA9PMCCABUS5KVCAD2M4O6CAVNIDGTCAQU72WDCAD5DH0UCAEQU52LCA3ET420CAKT132CCAEL6DM7CA7EZK2UCAFWMXBQCAXWJ4K9 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\YFKHCA1OKFMHCAHK0OZ7CAUS6CCXCAAYCFDCCA5A2YDDCAXMF4NZCAFZFSN0CANIPFYLCAL5K0B4CAND7HDSCA1Q0477CAAGIROACAH1U8NGCAWW2FV5CAIJNKBVCA2AE3F0CA0LS4C1CARETXRACA5JRGU5 not found!
    File\Folder C:\Documents and Settings\iiii ccccc backup\Local Settings\Temporary Internet Files\Content.IE5\36PMIY2U\ZMEFCAKLFCHACAXQFWOFCA2XCNI3CA9AQJKVCAFHRHK5CAKLCWPRCATCMDGLCACVAOYSCAADUO1YCAMONESACAEA7ZNHCAM3Q2SOCARLJK0OCAS1QY55CAD4LF0VCA8ZB11FCA91GOHLCAPBKOJCCA10O11Y not found!

    Registry entries deleted on Reboot...
    __________________Security-Check log_________

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Avira AntiVir Personal - Free Antivirus
    Antivirus up to date! (On Access scanning disabled!)
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 25
    Java(TM) 7
    Java(TM) 6 Update 7
    Out of date Java installed!
    Adobe Reader 9.4.5
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ``````````End of Log````````````
     
  19. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =====================================================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ...and Eset....
     
  20. drwizgeek

    drwizgeek TS Rookie Topic Starter Posts: 86

    Java and Acrobat Reader Updates, ESET Scan

    Hello Broni:

    Thank you very much for your prompt response. I installed jre-7u0-windows-i586-s.exe. I was surprised to see it flagged as: "Out of date Java installed!" I also ran JavaRa, which removed a lot of old ones. I will perform both tasks again, and update Adobe Acrobat Reader, this evening.

    ESET scan took about 8.5 hours, found 6 "infections" consisting of key.gen in an old Adobe CS2 install. I think it also flagged SecurityCheck as a threat. ESET Online then displayed a box with only 2 radial buttons: 1. purchase ESET; and 2. 30-day trial (I may have rephrased them!) and locked up. Thus, I just closed the dialog box. But, it did not generate any report, nor did it uninstall itself, as I had asked for. I have found all the infections in its quarantine folder, as well as its uninstall module. I will delete the infections and uninstall ESET this evening after I get your advice. I will also update the Flash players.

    The laptop still takes around 5 minutes to boot even with 2GB of RAM. We need to remove some applications from the startup, e. g. iTunes... after the cleanup. Please let me know if anything else needs to be done. Thanks again for your continued support!

    Best regards,
    Wiz:wave:
     
  21. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
    No installation required.
    Simply unzip Autoruns.zip file, and double click on autoruns.exe file to run the program.
    Go File>Save, and save it as AutoRuns.txt file to know location.
    You must select Text from drop-down menu as a file type:

    [​IMG]

    Attach the file to your next reply.
     
  22. drwizgeek

    drwizgeek TS Rookie Topic Starter Posts: 86

    Autoruns List

    Hello Broni:

    Thank you very much for your response. Attached please find the text file generated by autoruns, renamed as auto_runs_post.txt. I will complete the other tasks next. Thank you, again!

    Best regards,
    Wiz:wave:
     

    Attached Files:

  23. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    I don't see too many startups there.

    Let's try this....

    Go Start>Run (Start Search in Vista), type in:
    msconfig
    Click OK (hit Enter in Vista).

    Click on Startup tab.
    Click Disable all
    IMPORTANT! In case of laptop, make sure, you do NOT disable any keyboard, or touchpad entries.

    Click Services tab.
    Put checkmark in Hide all Microsoft services
    Click Disable all.

    Click OK.
    Restart computer in Normal Mode.

    NOTE. If you use different firewall, than Windows firewall, turn Windows firewall on, just for this test, since your regular firewall won't be running.
    If you use Windows firewall, you're fine.

    Same problem?
     
  24. drwizgeek

    drwizgeek TS Rookie Topic Starter Posts: 86

    Selective Startup, Java and Acrobat Reader Updates, ku6speedupper.exe malware?

    Hello Broni:

    Thank you very much for checking the Autoruns log. I completed the selective startup process, as you advised, but I ensured that no required service was disabled. The shutdown is a lot faster, but the faster bootup still takes around 4-5 minutes.

    This careful examination has also revealed that a ku6speedupper.exe malware might be lurking in there. This is because this is not the legit C:\windows\system32\Ku6SpeedUpper.exe. Rather, it is in C:\program files\ followed by strange symbols and chinese (?) characters it its path. I will look into it. Please advise if anything we should do about it. Another unsual change is that the Avira system tray icon has disappeared, although its guard is running!

    I checked the installed jre-7u0-windows-i586-s.exe on the adobe.com site. It is the latest. Thus, our scan falsely flagged it as: "Out of date Java installed!" I also ran JavaRa again, which removed just a leftover folder. I updated Adobe Acrobat Reader, as well.

    I have found all the infections found by ESET, which crashed after completing the cleanup, in its quarantine folder, as well as its uninstall module. Should I delete the infections and uninstall ESET? I will update the Flash players later. Thanks again for your continued support!

    Best regards,
    Wiz:wave:
     
  25. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Yes and yes.


    1. Please open Notepad
    • Click Start , then Run
    • Type notepad .exe in the Run Box
    • Click OK
    Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\program files\¿á6Íø\¼«ËÙ¿á6\Ku6SpeedUpper.exe
    
    Folder::
    c:\program files\¿á6Íø\¼«ËÙ¿á6
    
    RegNull::
    [HKEY_LOCAL_MACHINE\software\Microsoft\Shared Tools\MSConfig\startupreg\gw‘6*]
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\???6]
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...