OTL logfile created on: 3/6/2010 5:41:17 AM - Run 2
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 1152 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 8.24 Gb Free Space | 11.05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SCOTT
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010/03/01 00:03:53 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe PRC - [2010/01/07 16:07:10 | 001,394,000 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe PRC - [2009/12/21 19:04:44 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009/10/16 18:10:36 | 000,589,824 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdxcoms.exe PRC - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2008/06/13 08:04:02 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmsdmon.exe PRC - [2008/06/13 08:04:01 | 000,668,328 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010/03/01 00:03:53 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService) SRV - File not found [On_Demand | Stopped] -- -- (KodakCCS) SRV - [2009/10/16 18:10:36 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdxcoms.exe -- (lxdx_device) SRV - [2009/10/16 18:00:52 | 000,094,208 | ---- | M] () [Auto | Stopped] -- 
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe -- (lxdxCATSCustConnectService) SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Disabled | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Disabled | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2007/01/19 11:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = http://news.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.order.1: "Yahoo" FF - prefs.js..browser.search.order.2: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "megaup" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.startup.homepage: "http://news.google.com/nwshp?hl=en&tab=wn&q=" FF - 
prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: anycolor.pavlos256@gmail.com:0.3.1 FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.8 FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7 FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.11.2 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2 FF - prefs.js..extensions.enabledItems: TFToolbarX@torrent-finder:1.2.5 FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=megaup&p=" FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/21 19:04:56 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/13 01:36:55 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Namoroka 3.6a1\extensions\\Components: C:\Program Files\Namoroka 3.6 Alpha 1\components [2009/10/28 06:29:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Namoroka 3.6a1\extensions\\Plugins: C:\Program Files\Namoroka 3.6 Alpha 1\plugins [2009/10/21 03:22:51 | 000,000,000 | ---D | M] [2008/06/17 21:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions [2010/03/06 05:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lm9qw8v9.default\extensions [2009/07/16 20:20:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lm9qw8v9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009/06/25 23:10:18 | 000,000,000 | ---D | M] (SwitchProxy Tool) -- C:\Documents and Settings\Owner\Application 
Data\Mozilla\Firefox\Profiles\lm9qw8v9.default\extensions\{27A2FD41-CB23-4518-AB5C-C25BAFFDE531} [2009/07/06 23:38:27 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lm9qw8v9.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2009/06/03 20:12:26 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lm9qw8v9.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2008/05/21 20:37:14 | 000,000,000 | ---D | M] (Aluminium Kai 2) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lm9qw8v9.default\extensions\{a45e6b3a-725d-4b20-afde-e7486bfe317c} [2010/02/07 22:54:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lm9qw8v9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010/01/09 09:23:31 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lm9qw8v9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009/10/14 10:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lm9qw8v9.default\extensions\{dc572301-7619-498c-a57d-39143191b318} [2009/06/21 01:52:19 | 000,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lm9qw8v9.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2010/03/01 23:35:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lm9qw8v9.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2009/03/03 02:56:21 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lm9qw8v9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2009/10/25 11:11:41 | 000,000,000 | ---D | M] -- 
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lm9qw8v9.default\extensions\anycolor.pavlos256@gmail.com [2009/01/14 06:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lm9qw8v9.default\extensions\es-AR@dictionaries.addons.mozilla.org [2010/01/09 22:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lm9qw8v9.default\extensions\illimitux@illimitux.net [2009/03/24 16:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lm9qw8v9.default\extensions\moveplayer@movenetworks.com [2009/10/28 04:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lm9qw8v9.default\extensions\TFToolbarX@torrent-finder [2010/03/06 05:20:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009/01/11 10:44:29 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll O1 HOSTS File: ([2010/03/02 18:14:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Control Popups in Internet Explorer) - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\Program Files\PopupPopper\PopLib.dll (Bayden Systems) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found. 
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [lxdxamon] C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe ()
O4 - HKLM..\Run: [lxdxmon.exe] C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe ()
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/03 22:28:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/06/20 16:33:10 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point (17173366603513856) [color=#E56717]========== Files/Folders - Created Within 14 Days ==========[/color] [2010/03/06 05:08:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent [2010/03/03 19:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\win [2010/03/03 19:20:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Revo Uninstaller [2010/03/03 03:10:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Hiren's [2010/03/02 22:35:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AdobeUM [2010/03/02 20:29:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2010/03/02 20:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2010/03/02 20:29:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira [2010/03/02 19:15:08 | 000,000,000 | --SD | C] -- C:\gogo [2010/03/02 17:59:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010/03/02 17:10:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (3) [2010/03/02 16:33:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010/03/02 13:36:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (2) [2010/03/01 23:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\VirusTotalUploader2 [2010/03/01 23:35:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\QuickScan [2010/03/01 00:03:52 | 000,551,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe [2010/02/28 20:49:06 | 000,000,000 | ---D | C] -- 
C:\Documents and Settings\Owner\Desktop\scan logs [2010/02/28 04:28:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\DoctorWeb [2010/02/27 16:11:34 | 001,840,232 | ---- | C] (Trend Micro) -- C:\Documents and Settings\Owner\Desktop\HousecallLauncher.exe [2010/02/27 10:59:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/02/27 10:59:23 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/02/27 10:59:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/02/26 22:46:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun [2010/02/26 16:05:17 | 000,000,000 | ---D | C] -- C:\Program Files\a-squared Free [2010/02/24 14:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster [2010/02/24 02:20:22 | 000,518,656 | R--- | C] (Safer Networking Limited) -- C:\Documents and Settings\Owner\Desktop\sfp.exe [2010/02/23 19:59:47 | 000,000,000 | ---D | C] -- C:\!KillBox [2010/02/22 05:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\TMRBLog [2010/02/22 05:04:32 | 002,457,600 | ---- | C] (Trend Micro Inc.) 
-- C:\Documents and Settings\Owner\Desktop\RootkitBuster.exe [2009/04/09 15:31:44 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcoin.dll [2009/04/09 15:29:20 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDXhcp.dll [2009/04/09 15:29:20 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxinpa.dll [2009/04/09 15:29:19 | 001,105,920 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxserv.dll [2009/04/09 15:29:19 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxusb1.dll [2009/04/09 15:29:19 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxpmui.dll [2009/04/09 15:29:19 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxiesc.dll [2009/04/09 15:29:19 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxprox.dll [2009/04/09 15:29:18 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxhbn3.dll [2009/04/09 15:29:18 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxlmpm.dll [2009/04/09 15:29:16 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcomc.dll [2009/04/09 15:29:16 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcomm.dll [2009/03/28 02:17:22 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 14 Days ==========[/color] [2010/03/03 19:20:35 | 001,114,576 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\revosetup.exe [2010/03/03 18:39:31 | 000,000,308 | -H-- | M] () -- C:\boot.ini [2010/03/03 18:39:31 | 000,000,138 | ---- | M] () -- C:\WINDOWS\system.ini [2010/03/03 18:39:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\win.ini [2010/03/03 03:05:57 | 188,908,908 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Hirens.BootCD.10.2.zip [2010/03/02 22:32:37 | 004,528,093 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Janine's vaccine.pdf [2010/03/02 
20:49:59 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2010/03/02 20:30:14 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Avira AntiVir Control Center.lnk [2010/03/02 19:10:37 | 000,267,361 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2010/03/02 19:08:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/03/02 18:58:55 | 011,796,480 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT [2010/03/02 18:58:55 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini [2010/03/02 18:14:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010/03/02 17:48:38 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010/03/02 06:30:38 | 000,909,117 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\registrycleaner_en.zip [2010/03/02 05:32:46 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/03/02 05:14:55 | 003,876,630 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\gogo.exe [2010/03/01 23:56:39 | 000,001,710 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\VirusTotal Uploader 2.0.lnk [2010/03/01 20:41:32 | 000,000,130 | ---- | M] () -- C:\Documents and Settings\Owner\webct_upload_applet.properties [2010/03/01 20:35:47 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Budgeex1.doc [2010/03/01 02:44:41 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable [2010/03/01 02:43:45 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe [2010/03/01 00:03:53 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe [2010/02/28 12:46:32 | 032,378,784 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\g5c92u82.exe [2010/02/27 16:11:34 | 001,840,232 | ---- | M] (Trend Micro) -- C:\Documents and Settings\Owner\Desktop\HousecallLauncher.exe [2010/02/27 12:17:10 | 000,007,146 | 
---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20100219_120144.reg [2010/02/27 10:59:28 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk [2010/02/27 02:45:32 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe [2010/02/25 14:41:33 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk [2010/02/24 14:52:12 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SpywareBlaster.lnk [2010/02/23 03:56:25 | 004,227,221 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Untitled 1.odp [2010/02/22 23:04:23 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\powerpoint.doc [2010/02/22 15:07:58 | 000,152,576 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/02/22 00:07:48 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Assignment of Module Two.doc [2010/02/21 04:30:53 | 000,146,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/02/20 19:54:07 | 000,381,555 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100224-150513.backup [2010/02/20 19:48:17 | 000,030,168 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010/03/03 19:20:33 | 001,114,576 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\revosetup.exe [2010/03/03 03:03:59 | 188,908,908 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Hirens.BootCD.10.2.zip [2010/03/02 22:32:37 | 004,528,093 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Janine's vaccine.pdf [2010/03/02 20:30:14 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All 
Users.WINDOWS\Desktop\Avira AntiVir Control Center.lnk [2010/03/02 06:30:33 | 000,909,117 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\registrycleaner_en.zip [2010/03/02 05:14:54 | 003,876,630 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\gogo.exe [2010/03/01 23:56:39 | 000,001,710 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\VirusTotal Uploader 2.0.lnk [2010/03/01 20:35:47 | 000,040,448 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Budgeex1.doc [2010/03/01 02:44:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable [2010/03/01 02:43:44 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe [2010/02/28 12:22:02 | 032,378,784 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\g5c92u82.exe [2010/02/27 10:59:28 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk [2010/02/27 10:18:19 | 000,007,380 | ---- | C] () -- C:\WINDOWS\System32\winspy.tlb [2010/02/27 02:45:09 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe [2010/02/24 14:52:12 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SpywareBlaster.lnk [2010/02/23 03:56:25 | 004,227,221 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Untitled 1.odp [2010/02/22 23:04:23 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\powerpoint.doc [2010/02/22 05:12:37 | 000,024,602 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\CleanUp!.log [2010/02/21 23:56:27 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Owner\webct_upload_applet.properties [2010/02/21 04:28:45 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Assignment of Module Two.doc [2010/02/01 04:43:36 | 000,001,356 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache [2009/11/12 16:28:31 | 000,327,168 | ---- | 
C] () -- C:\WINDOWS\System32\cutil32.dll [2009/08/20 23:28:22 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache [2009/04/09 15:31:47 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdxvs.dll [2009/04/09 15:30:57 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdxdrs.dll [2009/04/09 15:30:57 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdxcaps.dll [2009/04/09 15:30:57 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdxcnv4.dll [2009/04/09 15:29:36 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdxrwrd.ini [2009/04/09 15:29:20 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDXinst.dll [2009/04/09 15:29:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdxgrd.dll [2009/03/28 02:17:56 | 000,001,176 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml [2009/03/28 02:17:33 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.log [2009/03/28 02:17:22 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat [2009/03/28 02:17:22 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf [2009/03/27 17:45:51 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009/01/28 10:50:44 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009/01/28 10:50:44 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2008/10/06 21:33:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2008/03/08 22:36:21 | 000,000,540 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\AutoGK.ini [2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL [2007/06/12 22:25:01 | 000,152,576 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/05/04 02:28:57 | 000,237,568 | ---- | C] () -- 
C:\WINDOWS\System32\lame_enc.dll [2007/03/23 19:06:12 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Speed Video Splitter.INI [2007/02/26 13:24:20 | 000,220,672 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll [2007/02/26 13:22:42 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll [2007/02/26 13:22:36 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\avi.dll [2007/02/26 13:22:34 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\avss.dll [2007/02/26 13:22:30 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll [2007/02/26 13:22:24 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll [2007/02/26 13:22:14 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll [2007/02/26 13:22:04 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ts.dll [2007/02/26 13:21:46 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\avs.dll [2007/02/26 13:21:38 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll [2007/02/26 13:21:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll [2007/02/12 11:21:22 | 003,426,304 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2007/02/12 11:21:22 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll [2007/02/12 11:21:22 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll [2007/02/12 11:21:22 | 000,399,872 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll [2007/02/12 11:21:22 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll [2007/02/12 11:21:22 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll [2007/02/12 11:21:22 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll [2007/02/12 11:21:22 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll [2007/02/12 11:21:22 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll [2007/02/12 11:21:22 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll [2007/02/12 11:21:22 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll 
[2007/02/12 11:21:22 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll [2007/02/12 11:21:22 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll [2007/02/12 11:21:22 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll [2007/02/12 11:21:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll [2007/02/12 11:21:22 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll [2007/02/12 11:21:22 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2007/02/12 11:21:22 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2007/02/12 11:21:22 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2006/11/25 15:11:22 | 000,000,100 | ---- | C] () -- C:\WINDOWS\dellstat.ini [2006/11/25 15:11:19 | 000,000,425 | ---- | C] () -- C:\WINDOWS\lexstat.ini [2006/09/20 16:09:27 | 000,000,197 | ---- | C] () -- C:\WINDOWS\hpfsched.ini [2006/09/20 16:09:02 | 000,000,193 | ---- | C] () -- C:\WINDOWS\hpc.ini [2006/07/07 07:51:02 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\FLT_ffdshow.dll [2006/06/22 17:35:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006/06/21 17:06:20 | 000,005,120 | R--- | C] () -- C:\WINDOWS\TBManage.dll [2006/06/21 13:51:14 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS [2006/06/20 21:12:55 | 000,018,253 | ---- | C] () -- C:\WINDOWS\System32\ssnvfx.ini [2006/06/20 21:11:36 | 000,003,443 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2006/03/29 19:59:10 | 000,029,919 | ---- | C] () -- C:\WINDOWS\System32\rtsicis.ini [2006/01/10 22:11:06 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv5.dll [2006/01/10 22:11:06 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv4.dll [2003/02/12 10:20:24 | 000,006,942 | ---- | C] () -- C:\WINDOWS\cadx2.ini [2002/10/15 14:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2002/05/17 14:18:30 | 000,124,928 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll 
[2001/01/08 02:09:20 | 000,012,285 | ---- | C] () -- C:\WINDOWS\Cadx3.ini

[color=#E56717]========== LOP Check ==========[/color]

[2006/11/25 15:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BVRP Software
[2009/01/08 20:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverScanner
[2009/10/20 21:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lexmark 3600-4600 Series
[2007/09/29 04:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MailFrontier
[2009/11/18 04:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
[2007/12/23 18:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Prevx
[2010/03/02 05:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2009/08/11 13:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ThumbnailCache4R
[2008/03/14 03:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
[2009/03/28 06:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\vsosdk
[2009/02/26 14:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
[2010/02/03 03:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVI ReComp
[2006/11/25 22:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Costco Photo Organizer
[2006/11/25 22:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Costco Photo Viewer
[2008/03/14 02:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GlarySoft
[2009/06/21 19:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2009/06/15 02:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
[2009/02/18 14:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2010/01/09 12:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\JAM Software
[2006/11/20 13:45:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2009/04/09 16:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lexmark Productivity Studio
[2007/07/11 14:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MailWasherPro
[2008/04/18 22:49:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Megaupload
[2009/03/01 22:07:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OfficeUpdate12
[2009/09/13 01:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2008/04/13 01:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PCToolsFirewallPlus
[2007/12/23 18:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PrevxCSI
[2010/03/01 23:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\QuickScan
[2009/10/19 23:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Schoolhouse Technologies
[2009/06/19 15:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
[2010/02/13 20:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2009/10/19 01:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
[2009/12/25 19:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Wal-Mart Digital Photo Viewer
[2009/09/01 12:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinWay

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2006/06/21 15:09:52 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/03 12:30:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2006/06/21 15:09:52 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/08/03 12:30:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 22:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2003/07/16 12:46:14 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2006/06/21 15:09:52 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/03 12:30:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2006/06/21 15:09:52 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/08/03 12:30:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2003/07/16 12:24:25 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2002/10/24 14:59:48 | 000,087,040 | ---- | M] (Microsoft Corporation) MD5=F1D915C3870E741D83B5142F3B358761 -- C:\UBCD4Win\plugin\!Critical\Large IDE-Fix\files\sp2\atapi.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/03 23:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 23:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2004/08/03 23:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
[2006/06/19 16:27:38 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/06/19 16:27:37 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/06/19 16:27:37 | 000,409,600 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\wpa.dbl:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\My Documents\cc_20100219_120144.reg:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\Desktop\gmer.exe:SummaryInformation
@Alternate Data Stream - 60 bytes -> C:\Documents and Settings\Owner\Desktop\License Agreement.html:AFP_AfpInfo
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5C321E34
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:C31F31E6

< End of report >