I ran it by accident before I was ready to paste the code you gave me, and it gave me two files, OTL and extra. I ran it again as the custom scan (this time it took about 90 minutes) and all it gave me was OTL, below:
OTL logfile created on: 11/12/2009 12:55:39 PM - Run 2
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Users\Brendan\Desktop\OTL
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586.12 Gb Total Space | 297.82 Gb Free Space | 50.81% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.94 Gb Free Space | 49.39% Space Free | Partition Type: NTFS
Drive E: | 26.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BANKSHOT
Current User Name: Brendan
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ========== PRC - [2009/11/12 12:49:53 | 00,062,464 | ---- | M] (VoNoVPx) -- C:\Windows\9129837.exe
PRC - [2009/11/12 12:45:35 | 00,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Brendan\Desktop\OTL\OTL.exe
PRC - [2009/11/12 12:41:10 | 00,027,747 | ---- | M] () -- C:\Windows\System32\photo_id.exe
PRC - [2009/11/12 12:40:59 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/11/12 12:40:55 | 00,051,200 | ---- | M] (InstallShield Software Corporation) -- C:\Windows\System32\reader_s.exe
PRC - [2009/11/12 12:40:51 | 00,023,040 | ---- | M] () -- C:\Windows\System32\FB4F.tmp
PRC - [2009/04/11 01:28:15 | 00,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
PRC - [2009/04/11 01:28:15 | 00,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
PRC - [2009/04/11 01:28:06 | 00,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009/04/11 01:28:06 | 00,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2008/02/11 19:13:10 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2008/01/20 21:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/20 21:23:50 | 00,338,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
========== Modules (SafeList) ========== MOD - [2009/11/12 12:45:35 | 00,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Brendan\Desktop\OTL\OTL.exe
MOD - [2009/04/11 01:28:24 | 00,380,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009/04/11 01:28:24 | 00,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\IME\SPTIP.DLL
MOD - [2009/04/11 01:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
========== Win32 Services (SafeList) ========== SRV - File not found -- -- (RelevantKnowledge)
SRV - [2009/11/12 00:29:24 | 04,877,048 | ---- | M] (SurfRight B.V.) -- C:\Users\Brendan\Desktop\HitmanPro35.exe -- (HitmanPro35CrusaderBoot)
SRV - [2009/11/05 21:01:51 | 00,194,032 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/21 11:56:16 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate)
SRV - [2009/09/15 05:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/09/15 05:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/09/15 05:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/09/15 05:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/09/10 14:23:12 | 00,266,240 | ---- | M] () -- C:\Program Files\Keriver Image\CLRSERV.exe -- (CLRSERV)
SRV - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/04/30 15:01:10 | 00,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/03/29 23:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/22 11:20:30 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/03 21:27:19 | 00,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/02/18 13:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/02/18 13:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/02/18 13:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/19 18:23:16 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/11/04 10:48:10 | 00,288,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/10/30 10:13:28 | 02,749,224 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2008/09/23 23:09:52 | 00,176,128 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/07/18 13:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 13:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/03/25 20:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/03/24 08:35:22 | 00,074,384 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2008/01/20 21:25:33 | 00,916,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008/01/20 21:25:09 | 00,312,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2008/01/20 21:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/20 21:23:24 | 00,365,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 21:23:24 | 00,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/05/16 22:13:08 | 00,602,112 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2006/11/02 07:35:29 | 00,151,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/11/02 04:46:03 | 00,045,568 | ---- | M] (FTD2XX Software Technology) -- C:\Windows\System32\BtwSrv.dll -- (BtwSrv)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dell.comIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.indelible.../alice/love.jpgIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "
http://gmail.com/"FF - prefs.js..extensions.enabledItems:
[email protected]:1.4.5
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.6
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.33.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}:1.3.1
FF - prefs.js..extensions.enabledItems: {8CE11043-9A15-4207-A565-0C94C42D590D}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/21 07:36:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2009/11/03 22:06:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/06 11:24:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/06 11:24:48 | 00,000,000 | ---D | M]
[2009/03/21 16:28:27 | 00,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\Mozilla\Extensions
[2009/03/21 16:28:27 | 00,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/12 12:51:26 | 00,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\Mozilla\Firefox\Profiles\or7km15a.default\extensions
[2009/08/21 22:20:38 | 00,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\Mozilla\Firefox\Profiles\or7km15a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/01 01:11:12 | 00,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\Mozilla\Firefox\Profiles\or7km15a.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/11/04 12:07:57 | 00,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\Mozilla\Firefox\Profiles\or7km15a.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2009/11/10 11:21:24 | 00,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\Mozilla\Firefox\Profiles\or7km15a.default\extensions\
[email protected][2009/03/24 13:45:38 | 00,002,057 | ---- | M] () -- C:\Users\Brendan\AppData\Roaming\Mozilla\Firefox\Profiles\or7km15a.default\searchplugins\youtube-video-search.xml
[2009/11/12 12:51:26 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/11 02:34:37 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}
[2009/11/06 11:24:48 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/15 15:57:03 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/11/10 10:34:48 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2009/11/06 11:24:46 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/06 11:24:46 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/10/11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/11/06 11:24:46 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/09/11 16:28:28 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/09/11 16:28:28 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/09/11 16:28:29 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/09/11 16:28:29 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/09/11 16:28:29 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/09/11 16:28:29 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/09/11 16:28:29 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/09/07 00:13:20 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/09/07 00:13:20 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/09/07 00:13:20 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/09/07 00:13:20 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/09/07 00:13:20 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/09/07 00:13:20 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/10/10 02:21:52 | 00,000,808 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml
O1 HOSTS File: (743 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [photo_id] C:\Windows\System32\photo_id.exe ()
O4 - HKLM..\Run: [reader_s] C:\Windows\System32\reader_s.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Regedit32] C:\Windows\System32\regedit.exe File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [userini] C:\Windows\explorer.exe:userini.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\Brendan\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Brendan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6}
http://www.support.d...r/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\kbdnet.dll) - C:\Windows\System32\kbdnet.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O27 - HKLM IFEO\1.exe: Debugger - C:\WINDOWS\system32\ahui.exe File not found
O27 - HKLM IFEO\servises.exe: Debugger - C:\WINDOWS\system32\ahui.exe File not found
O27 - HKLM IFEO\sys64_nov.exe: Debugger - C:\WINDOWS\system32\ahui.exe File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [1999/07/28 11:03:40 | 00,024,576 | RH-- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [1999/07/13 11:54:56 | 00,000,091 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{181b524d-16fa-11de-a653-00219b1241f7}\Shell - "" = AutoRun
O33 - MountPoints2\{181b524d-16fa-11de-a653-00219b1241f7}\Shell\AutoRun\command - "" = L:\Setup.exe -- File not found
O33 - MountPoints2\{1890a871-082e-11de-ba58-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe Software\Final Draft\Final Draft\5.0 Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (bootdelete) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
NetSvcs: BtwSrv - C:\Windows\System32\BtwSrv.dll (FTD2XX Software Technology)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 21:34:27 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: TrustedInstaller - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: hitmanpro35 - Reg Error: Value error.
SafeBootNet: hitmanpro35.sys - Reg Error: Value error.
SafeBootNet: HitmanPro35Crusader - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: rootrepeal.sys - Reg Error: Value error.
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: TrustedInstaller - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5CB22A13-5A30-876C-ED45-D428C6F2BFBB} - Internet Explorer
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7111F814-23BD-4750-68F8-A6F7FB64C4FB} - Java (Sun)
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
========== Files/Folders - Created Within 14 Days ========== [2009/11/12 12:49:54 | 00,062,464 | ---- | C] (VoNoVPx) -- C:\Windows\9129837.exe
[2009/11/12 12:45:30 | 00,000,000 | ---D | C] -- C:\Users\Brendan\Desktop\OTL
[2009/11/12 00:30:57 | 00,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2009/11/12 00:30:57 | 00,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2009/11/12 00:30:57 | 00,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2009/11/12 00:29:20 | 04,877,048 | ---- | C] (SurfRight B.V.) -- C:\Users\Brendan\Desktop\HitmanPro35.exe
[2009/11/11 23:35:18 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/11/11 22:18:33 | 00,000,000 | ---D | C] -- C:\Users\Brendan\Desktop\GooredFix Backups
[2009/11/11 18:51:59 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/11/11 18:51:58 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/11/11 18:51:58 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/11 18:06:32 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/11/11 17:58:47 | 00,000,000 | ---D | C] -- C:\Users\Brendan\Desktop\SysProt
[2009/11/11 17:49:52 | 00,067,656 | ---- | C] (jpshortstuff) -- C:\Users\Brendan\Desktop\GooredFix.exe
[2009/11/11 17:47:22 | 00,000,000 | ---D | C] -- C:\!KillBox
[2009/11/11 17:33:47 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/11/11 17:18:31 | 00,186,946 | ---- | C] (Business Information Solutions) -- C:\Users\Brendan\Desktop\AntiPuper.exe
[2009/11/11 16:02:46 | 00,000,000 | ---D | C] -- C:\Users\Brendan\AppData\Roaming\Malwarebytes
[2009/11/11 16:02:39 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/11 16:02:39 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/11 15:54:41 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Brendan\Desktop\HiJackThis.exe
[2009/11/11 13:28:44 | 00,000,000 | ---D | C] -- C:\Users\Brendan\Desktop\pics 1111
[2009/11/11 02:34:37 | 00,000,000 | ---D | C] -- C:\Users\Brendan\AppData\Roaming\Opera
[2009/11/05 21:01:53 | 00,000,000 | ---D | C] -- C:\ProgramData\Google Updater
[2009/11/05 21:01:53 | 00,000,000 | ---D | C] -- C:\ProgramData\Google Updater
[2009/11/05 15:16:50 | 00,000,000 | ---D | C] -- C:\Users\Brendan\Desktop\mp3s
[2009/11/04 02:16:11 | 00,000,000 | ---D | C] -- C:\Program Files\War2Combat
[2009/11/03 11:36:33 | 00,000,000 | ---D | C] -- C:\Users\Brendan\Desktop\headshots
[2009/11/02 16:37:35 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/11/02 16:37:33 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/11/01 22:35:17 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[12 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files - Modified Within 14 Days ========== [2009/11/12 12:55:44 | 02,621,440 | -HS- | M] () -- C:\Users\Brendan\NTUSER.DAT
[2009/11/12 12:49:53 | 00,062,464 | ---- | M] (VoNoVPx) -- C:\Windows\9129837.exe
[2009/11/12 12:41:36 | 00,006,016 | ---- | M] () -- C:\Windows\System32\drivers\tcpsr.sys
[2009/11/12 12:41:10 | 00,027,747 | ---- | M] () -- C:\Windows\System32\photo_id.exe
[2009/11/12 12:39:51 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/12 12:35:52 | 00,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/11/12 12:33:41 | 00,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C6B03F8D-F5EB-484B-9385-36AD74A0FD01}.job
[2009/11/12 12:33:40 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/12 12:33:39 | 00,001,356 | ---- | M] () -- C:\Users\Brendan\AppData\Local\d3d9caps.dat
[2009/11/12 06:35:11 | 00,524,288 | -HS- | M] () -- C:\Users\Brendan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/11/12 06:35:11 | 00,065,536 | -HS- | M] () -- C:\Users\Brendan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/11/12 01:33:02 | 00,026,356 | ---- | M] () -- C:\Windows\System32\.crusader
[2009/11/12 00:31:14 | 00,011,904 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2009/11/12 00:30:57 | 00,001,747 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2009/11/12 00:30:57 | 00,000,290 | ---- | M] () -- C:\Windows\tasks\Hitman Pro 3.5 Boot Task.job
[2009/11/12 00:29:24 | 04,877,048 | ---- | M] (SurfRight B.V.) -- C:\Users\Brendan\Desktop\HitmanPro35.exe
[2009/11/11 23:20:28 | 00,000,190 | ---- | M] () -- C:\Users\Brendan\Documents\cc_20091111_232025.reg
[2009/11/11 23:20:13 | 00,011,832 | ---- | M] () -- C:\Users\Brendan\Documents\cc_20091111_231944.reg
[2009/11/11 22:27:40 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/11 22:27:39 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/11 22:20:15 | 00,067,656 | ---- | M] (jpshortstuff) -- C:\Users\Brendan\Desktop\GooredFix.exe
[2009/11/11 19:08:44 | 03,563,264 | ---- | M] () -- C:\Users\Brendan\Desktop\Combo-Fix.exe
[2009/11/11 18:52:02 | 00,000,780 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/11 18:29:46 | 00,032,653 | ---- | M] () -- C:\Users\Brendan\Desktop\LockSearch.exe
[2009/11/11 18:24:44 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/11 18:24:44 | 00,594,698 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/11 18:24:44 | 00,100,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/11 18:05:37 | 00,044,302 | ---- | M] () -- C:\Users\Brendan\Documents\cc_20091111_180527.reg
[2009/11/11 17:51:11 | 07,280,672 | ---- | M] () -- C:\Users\Brendan\Desktop\SUPERAntiSpyware.exe
[2009/11/11 17:30:58 | 00,000,574 | ---- | M] () -- C:\cleanup.bat
[2009/11/11 17:30:58 | 00,000,000 | ---- | M] () -- C:\backup.reg
[2009/11/11 17:18:36 | 00,186,946 | ---- | M] (Business Information Solutions) -- C:\Users\Brendan\Desktop\AntiPuper.exe
[2009/11/11 16:44:59 | 00,055,808 | ---- | M] () -- C:\Users\Brendan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/11 16:21:46 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/11/11 16:06:02 | 00,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/11/11 16:01:00 | 00,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-328432016-2847134218-26152873-1000UA.job
[2009/11/11 15:54:41 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Brendan\Desktop\HiJackThis.exe
[2009/11/11 02:34:06 | 00,000,868 | ---- | M] () -- C:\Windows\System32\6616938.exe
[2009/11/11 01:01:01 | 00,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-328432016-2847134218-26152873-1000Core.job
[2009/11/10 10:22:16 | 03,347,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/11/05 17:16:44 | 00,284,538 | ---- | M] () -- C:\Users\Brendan\Documents\reap_mcginley.pdf
[2009/11/05 17:14:17 | 00,000,062 | ---- | M] () -- C:\Users\Brendan\AppData\Roaming\tigersetting.dll
[2009/11/05 15:32:55 | 00,332,688 | ---- | M] () -- C:\Users\Brendan\AppData\Local\GDIPFONTCACHEV1.DAT
[12 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files Created - No Company Name ========== [2009/11/12 12:41:36 | 00,006,016 | ---- | C] () -- C:\Windows\System32\drivers\tcpsr.sys
[2009/11/12 12:41:10 | 00,027,747 | ---- | C] () -- C:\Windows\System32\photo_id.exe
[2009/11/12 01:33:02 | 00,026,356 | ---- | C] () -- C:\Windows\System32\.crusader
[2009/11/12 00:31:14 | 00,011,904 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2009/11/12 00:30:57 | 00,001,747 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2009/11/12 00:30:57 | 00,000,290 | ---- | C] () -- C:\Windows\tasks\Hitman Pro 3.5 Boot Task.job
[2009/11/11 23:20:27 | 00,000,190 | ---- | C] () -- C:\Users\Brendan\Documents\cc_20091111_232025.reg
[2009/11/11 23:19:47 | 00,011,832 | ---- | C] () -- C:\Users\Brendan\Documents\cc_20091111_231944.reg
[2009/11/11 19:08:44 | 03,563,264 | ---- | C] () -- C:\Users\Brendan\Desktop\Combo-Fix.exe
[2009/11/11 18:52:02 | 00,000,780 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/11 18:29:46 | 00,032,653 | ---- | C] () -- C:\Users\Brendan\Desktop\LockSearch.exe
[2009/11/11 18:05:32 | 00,044,302 | ---- | C] () -- C:\Users\Brendan\Documents\cc_20091111_180527.reg
[2009/11/11 17:51:08 | 07,280,672 | ---- | C] () -- C:\Users\Brendan\Desktop\SUPERAntiSpyware.exe
[2009/11/11 17:30:58 | 00,000,574 | ---- | C] () -- C:\cleanup.bat
[2009/11/11 17:30:58 | 00,000,000 | ---- | C] () -- C:\backup.reg
[2009/11/11 02:34:06 | 00,000,868 | ---- | C] () -- C:\Windows\System32\6616938.exe
[2009/11/05 21:01:53 | 00,000,868 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2009/11/05 17:16:43 | 00,284,538 | ---- | C] () -- C:\Users\Brendan\Documents\reap_mcginley.pdf
[2009/11/05 17:14:17 | 00,000,062 | ---- | C] () -- C:\Users\Brendan\AppData\Roaming\tigersetting.dll
[2009/10/10 02:21:27 | 00,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009/10/07 12:08:39 | 00,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009/09/27 01:07:41 | 00,000,000 | ---- | C] () -- C:\Users\Brendan\AppData\Roaming\wklnhst.dat
[2009/09/24 17:45:14 | 00,000,701 | ---- | C] () -- C:\Users\Brendan\AppData\Roaming\init.dll
[2009/09/24 17:45:12 | 00,000,701 | ---- | C] () -- C:\Users\Brendan\AppData\Roaming\sound.dll
[2009/09/24 17:43:37 | 00,116,736 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009/09/24 17:43:28 | 00,094,274 | ---- | C] () -- C:\Windows\System32\HPBHEALR.DLL
[2009/09/23 00:05:20 | 00,072,704 | ---- | C] () -- C:\Windows\System32\drivers\cloverm.sys
[2009/09/18 01:13:07 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/18 01:12:36 | 00,019,944 | ---- | C] () -- C:\Windows\System32\drivers\atapi.sys
[2009/09/14 00:34:35 | 00,000,081 | ---- | C] () -- C:\Users\Brendan\AppData\Roaming\MultiFill Prefs
[2009/09/05 23:35:47 | 00,742,220 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/09/05 23:35:47 | 00,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/08/20 10:23:23 | 00,000,101 | ---- | C] () -- C:\Windows\lexstat.ini
[2009/06/15 17:03:11 | 00,001,356 | ---- | C] () -- C:\Users\Brendan\AppData\Local\d3d9caps.dat
[2009/06/13 20:28:32 | 00,001,101 | ---- | C] () -- C:\ProgramData\afl.log
[2009/05/08 09:13:04 | 00,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/04/30 15:00:12 | 00,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/04/27 21:15:28 | 00,000,052 | -H-- | C] () -- C:\ProgramData\iPodAccessv4_OwnerName
[2009/03/29 18:01:26 | 00,000,023 | ---- | C] () -- C:\Windows\SWFDecompiler.INI
[2009/03/24 16:30:06 | 00,005,579 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/03/22 10:27:50 | 00,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/03/21 23:27:30 | 00,055,808 | ---- | C] () -- C:\Users\Brendan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/21 15:49:17 | 00,332,688 | ---- | C] () -- C:\Users\Brendan\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/03/03 22:59:00 | 01,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2009/03/03 22:59:00 | 01,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2009/03/03 22:59:00 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2009/03/03 22:59:00 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2009/03/03 22:58:58 | 00,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2008/07/26 14:42:52 | 00,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008/02/11 18:55:18 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2006/11/02 07:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 07:37:35 | 00,037,665 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 07:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:31 | 00,000,276 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 05:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003/09/23 00:48:43 | 00,077,824 | ---- | C] () -- C:\Windows\System32\LXBFLCNP.DLL
[2002/11/13 14:40:22 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxbfvs.dll
[2002/09/04 13:42:38 | 00,000,188 | ---- | C] () -- C:\Windows\System32\lxbfcoin.ini
========== LOP Check ========== [2009/03/23 22:10:11 | 00,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\.ABC
[2009/10/25 00:14:11 | 00,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\Apowersoft
[2009/04/05 16:29:18 | 00,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\Astro Gemini Software
[2009/09/21 17:29:49 | 00,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\Auslogics
[2009/10/04 10:01:17 | 00,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\Autoplay Menu Designer
[2009/05/11 20:42:07 | 00,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\CoreFTP
[2009/03/22 11:00:03 | 00,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\DAEMON Tools
[2009/03/22 11:05:59 | 00,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\DAEMON Tools Lite
[2009/03/22 11:00:03 | 00,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\DAEMON Tools Pro
[2009/03/21 15:49:21 | 00,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\Dell
[2009/05/27 22:29:41 | 00,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\Image Zone Express
[2009/03/22 12:22:24 | 00,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\Mass Extract
[2009/11/11 02:34:37 | 00,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\Opera
[2009/03/25 21:35:14 | 00,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\PeaZip
[2009/03/21 17:15:02 | 00,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\PeerNetworking
[2009/04/04 13:12:38 | 00,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\Printer Info Cache
[2009/09/27 01:07:44 | 00,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\Template
[2009/04/05 20:59:56 | 00,000,000 | ---D | M] -- C:\Users\Brendan\AppData\Roaming\TERMINAL Studio
[2009/11/12 00:30:57 | 00,000,290 | ---- | M] () -- C:\Windows\Tasks\Hitman Pro 3.5 Boot Task.job
[2009/11/12 12:33:40 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/11/11 18:42:25 | 00,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/11/12 12:33:41 | 00,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{C6B03F8D-F5EB-484B-9385-36AD74A0FD01}.job
========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < %SYSTEMDRIVE%\eventlog.dll /s /md5 > < %SYSTEMDRIVE%\scecli.dll /s /md5 >[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[12 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2008/01/20 21:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< %SYSTEMDRIVE%\netlogon.dll /s /md5 >[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[12 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2008/01/20 21:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[12 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< %SYSTEMDRIVE%\sceclt.dll /s /md5 > < %SYSTEMDRIVE%\ntelogon.dll /s /md5 > < %SYSTEMDRIVE%\logevent.dll /s /md5 > < %SYSTEMDRIVE%\iaStor.sys /s /md5 >[2007/04/26 05:41:38 | 00,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Drivers\storage\R154092\iastor.sys
[2007/04/26 05:41:38 | 00,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys
[2007/04/26 05:41:38 | 00,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys
[2007/04/26 05:41:38 | 00,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys
< %SYSTEMDRIVE%\nvstor.sys /s /md5 >[2008/01/20 21:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 21:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 21:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< %SYSTEMDRIVE%\atapi.sys /s /md5 >[2009/04/11 01:32:26 | 00,019,944 | ---- | M] () MD5 -- C:\Windows\System32\drivers\atapi.sys
[2009/03/03 22:38:41 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2006/11/02 04:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/01/20 21:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2009/03/03 22:38:41 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009/03/03 22:38:41 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 > < %SYSTEMDRIVE%\viasraid.sys /s /md5 > < %SYSTEMDRIVE%\AGP440.sys /s /md5 >[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 > ========== Alternate Data Streams ========== @Alternate Data Stream - 23040 bytes -> C:\Windows\explorer.exe:userini.exe
< End of report >