[code] OTS logfile created on: 7/14/2010 3:12:18 PM - Run 1 OTS by OldTimer - Version 3.1.33.0 Folder = C:\Documents and Settings\Tera Stamper\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,014.00 Mb Total Physical Memory | 228.00 Mb Available Physical Memory | 22.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 86.76 Gb Total Space | 34.84 Gb Free Space | 40.15% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: D2K7GY91 Current User Name: Tera Stamper Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days [Processes - Safe List] ots.exe -> C:\Documents and Settings\Tera Stamper\Desktop\OTS.exe -> [2010/07/14 15:10:42 | 000,640,512 | ---- | M] (OldTimer Tools) superantispyware.exe -> C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE -> [2010/07/06 08:30:39 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) ccsvchst.exe -> C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe -> [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) teatimer.exe -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -> [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) vcddaemon.exe -> C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe -> [2008/06/29 17:01:01 | 000,052,168 | ---- | M] (Elaborate Bytes AG) explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) pifsvc.exe -> C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> [2007/11/28 20:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) hpzipm12.exe -> C:\WINDOWS\system32\HPZipm12.exe -> [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) vpnagent.exe -> C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -> [2007/04/23 05:12:52 | 000,336,944 | ---- | M] (Cisco Systems, Inc.) msascui.exe -> C:\Program Files\Windows Defender\MSASCui.exe -> [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) msmpeng.exe -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) ding.exe -> C:\Program Files\Southwest Airlines\Ding\Ding.exe -> [2006/06/22 15:15:48 | 000,462,848 | ---- | M] (Southwest Airlines) wlkeeper.exe -> C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -> [2006/05/01 09:34:00 | 000,262,217 | ---- | M] (Intel(R) Corporation) ifrmewrk.exe -> C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe -> [2006/05/01 09:28:26 | 000,602,182 | ---- | M] (Intel Corporation) zcfgsvc.exe -> C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe -> [2006/05/01 09:28:06 | 000,667,718 | ---- | M] (Intel Corporation) dot1xcfg.exe -> C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe -> [2006/05/01 09:26:14 | 000,397,381 | ---- | M] (Intel Corporation) s24evmon.exe -> C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -> [2006/05/01 09:22:42 | 000,540,745 | ---- | M] (Intel Corporation ) evteng.exe -> C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -> [2006/05/01 09:20:52 | 000,114,753 | ---- | M] (Intel Corporation) regsrvc.exe -> C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -> [2006/05/01 09:20:26 | 000,217,164 | ---- | M] (Intel Corporation) mm_tray.exe -> C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe -> [2006/01/18 15:00:30 | 000,110,592 | ---- | M] (Musicmatch, Inc.) mmdiag.exe -> C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe -> [2006/01/18 15:00:30 | 000,102,400 | ---- | M] (Musicmatch, Inc.) mim.exe -> C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe -> [2006/01/18 15:00:28 | 000,479,232 | ---- | M] (Musicmatch, Inc.) stsystra.exe -> C:\WINDOWS\stsystra.exe -> [2005/11/16 21:35:16 | 000,397,312 | ---- | M] (SigmaTel, Inc.) issch.exe -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> [2005/06/10 10:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation) mhprmind.exe -> C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE -> [1998/12/05 00:00:00 | 000,040,960 | ---- | M] (Microsoft Corporation) [Modules - Safe List] ots.exe -> C:\Documents and Settings\Tera Stamper\Desktop\OTS.exe -> [2010/07/14 15:10:42 | 000,640,512 | ---- | M] (OldTimer Tools) msscript.ocx -> C:\WINDOWS\system32\msscript.ocx -> [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) [Win32 Services - Safe List] (HidServ) Human Interface Device Access [Disabled | Stopped] -> C:\WINDOWS\System32\hidserv.dll -> File not found (NAV) Norton AntiVirus [Unknown | Running] -> C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe -> [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) (FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2008/12/27 18:11:24 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) (LiveUpdate Notice Service) LiveUpdate Notice Service [Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe -> [2007/11/28 20:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) (Pml Driver HPZ12) Pml Driver HPZ12 [Auto | Running] -> C:\WINDOWS\system32\HPZipm12.exe -> [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) (vpnagent) Cisco AnyConnect VPN Agent [Auto | Running] -> C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -> [2007/04/23 05:12:52 | 000,336,944 | ---- | M] (Cisco Systems, Inc.) (WinDefend) Windows Defender [Auto | Running] -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) (WLANKEEPER) Intel(R) PROSet/Wireless SSO Service [Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -> [2006/05/01 09:34:00 | 000,262,217 | ---- | M] (Intel(R) Corporation) (S24EventMonitor) Intel(R) PROSet/Wireless Service [Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -> [2006/05/01 09:22:42 | 000,540,745 | ---- | M] (Intel Corporation ) (EvtEng) Intel(R) PROSet/Wireless Event Log [Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -> [2006/05/01 09:20:52 | 000,114,753 | ---- | M] (Intel Corporation) (RegSrvc) Intel(R) PROSet/Wireless Registry Service [Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -> [2006/05/01 09:20:26 | 000,217,164 | ---- | M] (Intel Corporation) [Driver Services - Safe List] (wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\wanatw4.sys -> File not found (SymIMMP) SymIMMP [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\SymIM.sys -> File not found (SymIM) Symantec Network Security Intermediate Filter Service [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\SymIM.sys -> File not found (NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\VirusDefs\20100713.003\navex15.sys -> [2010/07/13 11:55:30 | 001,347,504 | ---- | M] (Symantec Corporation) (NAVENG) NAVENG [Kernel | On_Demand | Running] -> C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\VirusDefs\20100713.003\naveng.sys -> [2010/07/13 11:55:30 | 000,085,552 | ---- | M] (Symantec Corporation) (SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2010/07/06 08:30:39 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) (SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -> [2010/07/06 08:30:39 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) (SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -> [2010/07/06 08:30:39 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) (IDSxpx86) IDSxpx86 [Kernel | On_Demand | Running] -> C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\IPSDefs\20100712.001\IDSXpx86.sys -> [2010/07/06 03:15:40 | 000,331,640 | ---- | M] (Symantec Corporation) (BHDrvx86) BHDrvx86 [Kernel | System | Running] -> C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\BASHDefs\20100619.001\BHDrvx86.sys -> [2010/06/19 00:46:00 | 000,691,248 | ---- | M] (Symantec Corporation) (eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -> [2010/05/27 15:45:38 | 000,371,248 | ---- | M] (Symantec Corporation) (EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> [2010/05/27 15:45:38 | 000,102,448 | ---- | M] (Symantec Corporation) (SYMTDI) Symantec Network Dispatch Driver [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\NAV\1107000.00C\SYMTDI.SYS -> [2010/05/05 23:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) (SymEvent) SymEvent [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\SYMEVENT.SYS -> [2010/05/04 19:08:49 | 000,124,976 | ---- | M] (Symantec Corporation) (SymIRON) Symantec Iron Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\NAV\1107000.00C\Ironx86.SYS -> [2010/04/29 00:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) (SymEFA) Symantec Extended File Attributes [File_System | Boot | Running] -> C:\WINDOWS\system32\drivers\NAV\1107000.00C\SYMEFA.SYS -> [2010/04/21 22:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) (SRTSP) Symantec Real Time Storage Protection [File_System | System | Running] -> C:\WINDOWS\System32\Drivers\NAV\1107000.00C\SRTSP.SYS -> [2010/04/21 21:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) (SRTSPX) Symantec Real Time Storage Protection (PEL) [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\NAV\1107000.00C\SRTSPX.SYS -> [2010/04/21 21:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) (ccHP) Symantec Hash Provider [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\NAV\1107000.00C\ccHPx86.sys -> [2010/02/25 19:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) (SymDS) Symantec Data Store [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\NAV\1107000.00C\SYMDS.SYS -> [2009/10/14 22:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) (ElbyCDIO) ElbyCDIO Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ElbyCDIO.sys -> [2008/07/21 07:11:58 | 000,024,392 | ---- | M] (Elaborate Bytes AG) (VClone) VClone [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\VClone.sys -> [2008/07/16 19:12:47 | 000,028,672 | ---- | M] (Elaborate Bytes AG) (amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\amdagp.sys -> [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) (sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sisagp.sys -> [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) (vpnva) Cisco AnyConnect VPN Virtual Miniport Adapter for Windows [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\vpnva.sys -> [2007/04/23 05:09:58 | 000,024,176 | ---- | M] (Cisco Systems, Inc.) (elagopro) GoProto Protocol Driver for LELA [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\elagopro.sys -> [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) (elaunidr) UniDriver for LELA [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\elaunidr.sys -> [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) (ASCTRM) ASCTRM [Kernel | Auto | Running] -> C:\WINDOWS\System32\drivers\asctrm.sys -> [2006/05/03 23:53:24 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) (s24trans) WLAN Transport [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\s24trans.sys -> [2006/05/01 09:52:02 | 000,013,568 | ---- | M] (Intel Corporation) (w39n51) Intel(R) PRO/Wireless 3945ABG Adapter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\w39n51.sys -> [2006/04/27 07:13:04 | 001,429,632 | ---- | M] (Intel® Corporation) (HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSX_DPV.sys -> [2005/12/01 07:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) (HSXHWAZL) HSXHWAZL [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSXHWAZL.sys -> [2005/12/01 07:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) (winachsf) winachsf [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSX_CNXT.sys -> [2005/12/01 07:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) (SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\SynTP.sys -> [2005/11/29 04:36:56 | 000,191,936 | ---- | M] (Synaptics, Inc.) (STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\sthda.sys -> [2005/11/16 21:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) (APPDRV) APPDRV [Kernel | System | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -> [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) (bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\bcm4sbxp.sys -> [2005/08/05 16:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) (rimmptsk) rimmptsk [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\rimmptsk.sys -> [2005/07/14 23:58:14 | 000,028,544 | ---- | M] (REDC) (rismxdp) Ricoh xD-Picture Card Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\rixdptsk.sys -> [2005/07/14 22:28:38 | 000,307,968 | ---- | M] (REDC) (rimsptsk) rimsptsk [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\rimsptsk.sys -> [2005/07/13 00:00:30 | 000,051,328 | ---- | M] (REDC) (tfsnudfa) tfsnudfa [File_System | Auto | Running] -> C:\WINDOWS\system32\dla\tfsnudfa.sys -> [2004/12/06 01:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) (tfsnudf) tfsnudf [File_System | Auto | Running] -> C:\WINDOWS\system32\dla\tfsnudf.sys -> [2004/12/06 01:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) (tfsnifs) tfsnifs [File_System | Auto | Running] -> C:\WINDOWS\system32\dla\tfsnifs.sys -> [2004/12/06 01:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) (tfsncofs) tfsncofs [File_System | Auto | Running] -> C:\WINDOWS\system32\dla\tfsncofs.sys -> [2004/12/06 01:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) (tfsnboio) tfsnboio [File_System | Auto | Running] -> C:\WINDOWS\system32\dla\tfsnboio.sys -> [2004/12/06 01:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) (tfsnopio) tfsnopio [File_System | Auto | Running] -> C:\WINDOWS\system32\dla\tfsnopio.sys -> [2004/12/06 01:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) (tfsnpool) tfsnpool [File_System | Auto | Running] -> C:\WINDOWS\system32\dla\tfsnpool.sys -> [2004/12/06 01:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) (tfsndrct) tfsndrct [File_System | Auto | Running] -> C:\WINDOWS\system32\dla\tfsndrct.sys -> [2004/12/06 01:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) (tfsndres) tfsndres [File_System | Auto | Running] -> C:\WINDOWS\system32\dla\tfsndres.sys -> [2004/12/06 01:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) (drvmcdb) drvmcdb [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\drvmcdb.sys -> [2004/12/01 03:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) (drvnddm) drvnddm [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\drvnddm.sys -> [2004/11/23 02:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) (nv) nv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) (sscdbhk5) sscdbhk5 [File_System | System | Running] -> C:\WINDOWS\system32\drivers\sscdbhk5.sys -> [2004/07/14 11:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) (ssrtln) ssrtln [File_System | System | Running] -> C:\WINDOWS\system32\drivers\ssrtln.sys -> [2004/07/14 11:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) (omci) OMCI WDM Device Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\omci.sys -> [2004/02/13 16:46:00 | 000,017,153 | ---- | M] (Dell Inc) (Sparrow) Sparrow [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sparrow.sys -> [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) (sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_u3.sys -> [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) (sym_hi) sym_hi [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_hi.sys -> [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) (symc8xx) symc8xx [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc8xx.sys -> [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) (symc810) symc810 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc810.sys -> [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) (ultra) ultra [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ultra.sys -> [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) (ql12160) ql12160 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql12160.sys -> [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) (ql1080) ql1080 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1080.sys -> [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) (ql1280) ql1280 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1280.sys -> [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) (dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -> [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) (mraid35x) mraid35x [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\mraid35x.sys -> [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) (asc) asc [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc.sys -> [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) (asc3550) asc3550 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc3550.sys -> [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) (AliIde) AliIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\aliide.sys -> [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) (CmdIde) CmdIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\cmdide.sys -> [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Registry - Safe List] < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.msn.com/ -> HKEY_CURRENT_USER\: SearchURL\\"" -> http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com -> HKEY_CURRENT_USER\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Yahoo! Toolbar] -> File not found HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> HKEY_CURRENT_USER\: "ProxyOverride" -> -> HKEY_CURRENT_USER\: "ProxyServer" -> http=127.0.0.1:5555 -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\Firefox\Extensions -> -> HKLM\software\mozilla\Firefox\Extensions\\{844DC0E3-0AA9-42F2-817F-C13478600E9F} -> C:\Documents and Settings\Tera Stamper\Local Settings\Application Data\{844DC0E3-0AA9-42F2-817F-C13478600E9F} [C:\DOCUMENTS AND SETTINGS\TERA STAMPER\LOCAL SETTINGS\APPLICATION DATA\{844DC0E3-0AA9-42F2-817F-C13478600E9F}] -> [2010/01/24 09:51:26 | 000,000,000 | ---D | M] HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB} -> C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\IPSFFPLGN\ [C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\IPSFFPLGN\] -> [2010/07/13 12:59:13 | 000,000,000 | ---D | M] < FireFox Extensions [User Folders] > -> < HOSTS File > ([2004/08/10 05:00:00 | 000,000,734 | ---- | M] - 19 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> Reset Hosts 127.0.0.1 localhost < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited) {6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKLM] -> C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ipsbho.dll [Symantec Intrusion Prevention] -> [2010/05/13 20:41:20 | 000,079,224 | R--- | M] (Symantec Corporation) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [SSVHelper Class] -> [2006/11/09 16:21:52 | 000,440,056 | ---- | M] (Sun Microsystems, Inc.) < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Yahoo! Toolbar] -> File not found < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "" -> [] -> File not found "IntelWireless" -> C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe ["C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless] -> [2006/05/01 09:28:26 | 000,602,182 | ---- | M] (Intel Corporation) "IntelZeroConfig" -> C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe ["C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"] -> [2006/05/01 09:28:06 | 000,667,718 | ---- | M] (Intel Corporation) "ISUSPM Startup" -> C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup] -> [2005/06/10 10:44:02 | 000,249,856 | ---- | M] (InstallShield Software Corporation) "ISUSScheduler" -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> [2005/06/10 10:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation) "MimBoot" -> C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe [C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe] -> [2006/01/18 15:00:28 | 000,008,192 | ---- | M] (Musicmatch, Inc.) "MMTray" -> C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe ["C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"] -> [2006/01/18 15:00:30 | 000,110,592 | ---- | M] (Musicmatch, Inc.) "ShowLOMControl" -> Reg Error: Invalid data type. [Reg Error: Invalid data type.] -> File not found "SigmatelSysTrayApp" -> C:\WINDOWS\stsystra.exe [stsystra.exe] -> [2005/11/16 21:35:16 | 000,397,312 | ---- | M] (SigmaTel, Inc.) "Symantec PIF AlertEng" -> C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe ["C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"] -> [2007/11/28 20:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) "VirtualCloneDrive" -> C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe ["C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s] -> [2008/06/29 17:01:01 | 000,052,168 | ---- | M] (Elaborate Bytes AG) "Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe ["C:\Program Files\Windows Defender\MSASCui.exe" -hide] -> [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "SpybotSD TeaTimer" -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) "SUPERAntiSpyware" -> C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2010/07/06 08:30:39 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < Tera Stamper Startup Folder > -> C:\Documents and Settings\Tera Stamper\Start Menu\Programs\Startup -> C:\Documents and Settings\Tera Stamper\Start Menu\Programs\Startup\DING!.lnk -> C:\Program Files\Southwest Airlines\Ding\Ding.exe -> [2006/06/22 15:15:48 | 000,462,848 | ---- | M] (Southwest Airlines) C:\Documents and Settings\Tera Stamper\Start Menu\Programs\Startup\Microsoft Greetings Reminders.lnk -> C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE -> [1998/12/05 00:00:00 | 000,040,960 | ---- | M] (Microsoft Corporation) < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoCDBurning" -> [0] -> File not found \\"HonorAutoRunSetting" -> [1] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"InstallVisualStyle" -> C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> [2004/08/10 03:39:00 | 001,347,728 | ---- | M] (Microsoft) \\"InstallTheme" -> C:\WINDOWS\Resources\Themes\Royale.Theme [C:\WINDOWS\Resources\Themes\Royale.theme] -> [2004/07/28 02:03:28 | 000,001,293 | ---- | M] () < CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &Search -> Reg Error: Value error. [Reg Error: Value error.] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:Reg Error: Value error. [HKLM] -> Reg Error: Value error. [Menu: Sun Java Console] -> File not found {92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009/03/06 04:04:56 | 000,039,464 | ---- | M] (Microsoft Corporation) {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}:Exec [HKLM] -> Reg Error: Value error. [Button: PartyPoker.com] -> File not found {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}:Reg Error: Value error. [HKLM] -> Reg Error: Value error. [Menu: PartyPoker.com] -> File not found {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search && Destroy Configuration] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited) < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Sun Java Console] -> File not found CmdMapping\\"{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}" [HKLM] -> [PartyPoker.com] -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> online_musicmatch.com [https] -> Trusted sites -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 54 domain(s) found. -> turbotax.com .[https] -> Trusted sites -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 16 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {6F750203-1362-4815-A476-88533DE61D0C} [HKLM] -> http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab [Kodak Gallery Easy Upload Manager Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab [Java Plug-in 1.5.0_10] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key error.] -> {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab [Java Plug-in 1.4.2_03] -> {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab [Java Plug-in 1.5.0_08] -> {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab [Java Plug-in 1.5.0_10] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab [Java Plug-in 1.5.0_10] -> {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> {EFD1E13D-1CB3-4545-B754-CA410FE7734F} [HKLM] -> http://www.cvsphoto.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab [Photo Upload Plugin Class] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 10.1.61.21 -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {1FA480C8-6718-48F5-BA3A-5C795FACB06A}\\DhcpNameServer -> 10.1.61.21 (Broadcom 440x 10/100 Integrated Controller) -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -> [2009/09/03 14:21:42 | 000,548,352 | ---- | M] (SUPERAntiSpyware.com) igfxcui -> C:\WINDOWS\System32\igfxdev.dll -> [2005/11/19 03:37:32 | 000,139,264 | ---- | M] (Intel Corporation) < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> C:\Program Files\Windows Defender\MpShHook.dll [Microsoft AntiMalware ShellExecuteHook] -> [2006/11/03 19:20:00 | 000,083,224 | ---- | M] (Microsoft Corporation) "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [] -> [2008/05/13 09:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com) < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> "C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> File not found "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found "C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe" -> C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe [C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application] -> [2008/03/05 12:01:26 | 005,648,072 | ---- | M] () "C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe" -> C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe [C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services] -> [2008/03/04 12:16:20 | 000,537,944 | ---- | M] () < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> File not found "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found "C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2009/11/12 17:33:04 | 010,358,048 | ---- | M] (Apple Inc.) "C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> [2006/08/22 10:45:55 | 000,159,744 | ---- | M] () "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> [2009/03/06 02:06:00 | 012,707,696 | ---- | M] (Microsoft Corporation) "C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe" -> C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe [C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application] -> [2008/03/05 12:01:26 | 005,648,072 | ---- | M] () "C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe" -> C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe [C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services] -> [2008/03/04 12:16:20 | 000,537,944 | ---- | M] () "C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" -> C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe [C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax] -> [2008/03/06 00:29:49 | 010,343,712 | ---- | M] (Intuit, Inc.) "C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" -> C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe [C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager] -> [2007/10/22 19:56:52 | 003,597,600 | ---- | M] (Intuit, Inc.) < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found < Drives with AutoRun files > -> -> C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> \{361ac05d-0e0d-11da-9aa9-806d6172696f} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell \{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun \{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command \{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command\\"" -> E:\setup.exe [E:\setup.exe] -> File not found \{8927668c-9c8c-11dc-a988-001422f5c45b} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8927668c-9c8c-11dc-a988-001422f5c45b}\Shell\AutoRun\command \{8927668c-9c8c-11dc-a988-001422f5c45b}\Shell\AutoRun\command\\"" -> E:\travel&work.exe [E:\travel&work.exe] -> File not found \{8927668c-9c8c-11dc-a988-001422f5c45b} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8927668c-9c8c-11dc-a988-001422f5c45b}\Shell\Shell00\Command \{8927668c-9c8c-11dc-a988-001422f5c45b}\Shell\Shell00\Command\\"" -> E:\travel&work.exe [E:\travel&work.exe] -> File not found < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> [Registry - Additional Scans - Safe List] < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> batfile [open] -> "%1" %* -> cmdfile [open] -> "%1" %* -> comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> htmlfile [edit] -> "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 -> [2008/11/10 10:50:30 | 000,068,472 | ---- | M] (Microsoft Corporation) htmlfile [print] -> "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 -> [2008/11/10 10:50:30 | 000,068,472 | ---- | M] (Microsoft Corporation) piffile [open] -> "%1" %* -> scrfile [config] -> "%1" -> scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2008/04/13 19:12:41 | 000,135,168 | ---- | M] (Microsoft Corporation) scrfile [open] -> "%1" /S -> Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Directory [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) Drive [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Application [ Error ] 7/8/2010 12:23:32 PM Computer Name = D2K7GY91 | Source = MsiInstaller | ID = 1002 -> Description = Unexpected or missing value (name: 'PackageName', value: '') in key 'HKLM\Software\Classes\Installer\Products\B97CF7F995034624490593BE63E82352\SourceList' Application [ Error ] 7/8/2010 12:31:12 PM Computer Name = D2K7GY91 | Source = MsiInstaller | ID = 11706 -> Description = Product: Microsoft Word 2002 -- Error 1706. Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP. Application [ Error ] 7/8/2010 12:31:13 PM Computer Name = D2K7GY91 | Source = MsiInstaller | ID = 1024 -> Description = Product: Microsoft Word 2002 - Update '{DA256408-A2E7-41A5-8AD6-62ACB86A0FD7}' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127 Application [ Error ] 7/9/2010 11:29:05 AM Computer Name = D2K7GY91 | Source = MsiInstaller | ID = 11706 -> Description = Product: Microsoft Word 2002 -- Error 1706. Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP. Application [ Error ] 7/9/2010 11:29:06 AM Computer Name = D2K7GY91 | Source = MsiInstaller | ID = 1024 -> Description = Product: Microsoft Word 2002 - Update '{DA256408-A2E7-41A5-8AD6-62ACB86A0FD7}' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127 Cisco AnyConnect VPN Client [ Error ] 2/6/2008 1:08:37 AM Computer Name = D2K7GY91 | Source = vpnagent | ID = 50331649 -> Description = Function: WaitForSingleObject Return code: 6 File: C:\temp\build\thehoff\release0.662121392113-Mon-23-Apr-2007-10-08-48\release\Agent\Agent.cpp Line: 606 Description: The handle is invalid. Cisco AnyConnect VPN Client [ Error ] 2/10/2008 2:31:11 AM Computer Name = D2K7GY91 | Source = vpnagent | ID = 50331649 -> Description = Function: WaitForSingleObject Return code: 6 File: C:\temp\build\thehoff\release0.662121392113-Mon-23-Apr-2007-10-08-48\release\Agent\Agent.cpp Line: 606 Description: The handle is invalid. Cisco AnyConnect VPN Client [ Error ] 3/13/2008 1:27:00 AM Computer Name = D2K7GY91 | Source = vpnagent | ID = 50331649 -> Description = Function: WaitForSingleObject Return code: 6 File: C:\temp\build\thehoff\release0.662121392113-Mon-23-Apr-2007-10-08-48\release\Agent\Agent.cpp Line: 606 Description: The handle is invalid. Cisco AnyConnect VPN Client [ Error ] 4/7/2008 11:46:49 PM Computer Name = D2K7GY91 | Source = vpnagent | ID = 50331649 -> Description = Function: WaitForSingleObject Return code: 6 File: C:\temp\build\thehoff\release0.662121392113-Mon-23-Apr-2007-10-08-48\release\Agent\Agent.cpp Line: 606 Description: The handle is invalid. Cisco AnyConnect VPN Client [ Error ] 7/30/2008 9:08:04 PM Computer Name = D2K7GY91 | Source = vpnagent | ID = 50331649 -> Description = Function: WaitForSingleObject Return code: 6 File: C:\temp\build\thehoff\release0.662121392113-Mon-23-Apr-2007-10-08-48\release\Agent\Agent.cpp Line: 606 Description: The handle is invalid. Cisco AnyConnect VPN Client [ Error ] 5/30/2010 5:16:34 PM Computer Name = D2K7GY91 | Source = vpnagent | ID = 50331649 -> Description = Function: WaitForSingleObject Return code: 6 File: C:\temp\build\thehoff\release0.662121392113-Mon-23-Apr-2007-10-08-48\release\Agent\Agent.cpp Line: 606 Description: The handle is invalid. Cisco AnyConnect VPN Client [ Error ] 5/31/2010 10:53:20 AM Computer Name = D2K7GY91 | Source = vpnagent | ID = 50331649 -> Description = Function: WaitForSingleObject Return code: 6 File: C:\temp\build\thehoff\release0.662121392113-Mon-23-Apr-2007-10-08-48\release\Agent\Agent.cpp Line: 606 Description: The handle is invalid. Cisco AnyConnect VPN Client [ Error ] 6/29/2010 3:58:26 PM Computer Name = D2K7GY91 | Source = vpnagent | ID = 50331649 -> Description = Function: WaitForSingleObject Return code: 6 File: C:\temp\build\thehoff\release0.662121392113-Mon-23-Apr-2007-10-08-48\release\Agent\Agent.cpp Line: 606 Description: The handle is invalid. Cisco AnyConnect VPN Client [ Error ] 7/9/2010 3:58:28 PM Computer Name = D2K7GY91 | Source = vpnagent | ID = 50331649 -> Description = Function: WaitForSingleObject Return code: 6 File: C:\temp\build\thehoff\release0.662121392113-Mon-23-Apr-2007-10-08-48\release\Agent\Agent.cpp Line: 606 Description: The handle is invalid. Cisco AnyConnect VPN Client [ Error ] 7/12/2010 3:47:54 PM Computer Name = D2K7GY91 | Source = vpnagent | ID = 50331649 -> Description = Function: WaitForSingleObject Return code: 6 File: C:\temp\build\thehoff\release0.662121392113-Mon-23-Apr-2007-10-08-48\release\Agent\Agent.cpp Line: 606 Description: The handle is invalid. System [ Error ] 7/12/2010 9:36:55 AM Computer Name = D2K7GY91 | Source = Srv | ID = 2019 -> Description = The server was unable to allocate from the system nonpaged pool because the pool was empty. System [ Error ] 7/12/2010 9:48:55 AM Computer Name = D2K7GY91 | Source = Srv | ID = 2019 -> Description = The server was unable to allocate from the system nonpaged pool because the pool was empty. System [ Error ] 7/12/2010 10:24:15 AM Computer Name = D2K7GY91 | Source = Windows Update Agent | ID = 20 -> Description = Installation Failure: Windows failed to install the following update with error 0x8024002d: Office XP Service Pack 3. System [ Error ] 7/12/2010 10:30:20 AM Computer Name = D2K7GY91 | Source = Windows Update Agent | ID = 20 -> Description = Installation Failure: Windows failed to install the following update with error 0x8024002d: Office XP Service Pack 3. System [ Error ] 7/12/2010 10:44:31 AM Computer Name = D2K7GY91 | Source = Service Control Manager | ID = 7009 -> Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect. System [ Error ] 7/12/2010 10:44:31 AM Computer Name = D2K7GY91 | Source = Service Control Manager | ID = 7000 -> Description = The Application Layer Gateway Service service failed to start due to the following error: %%1053 System [ Error ] 7/13/2010 5:32:36 PM Computer Name = D2K7GY91 | Source = W32Time | ID = 39452689 -> Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) System [ Error ] 7/13/2010 5:32:36 PM Computer Name = D2K7GY91 | Source = W32Time | ID = 39452701 -> Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. System [ Error ] 7/13/2010 5:32:38 PM Computer Name = D2K7GY91 | Source = W32Time | ID = 39452689 -> Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) System [ Error ] 7/13/2010 5:32:38 PM Computer Name = D2K7GY91 | Source = W32Time | ID = 39452701 -> Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. [Files/Folders - Created Within 30 Days] OTS.exe -> C:\Documents and Settings\Tera Stamper\Desktop\OTS.exe -> [2010/07/14 15:10:39 | 000,640,512 | ---- | C] (OldTimer Tools) Spybot - Search & Destroy -> C:\Program Files\Spybot - Search & Destroy -> [2010/07/12 16:17:48 | 000,000,000 | ---D | C] Spybot - Search & Destroy -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy -> [2010/07/12 16:17:48 | 000,000,000 | ---D | C] spybotsd162.exe -> C:\Documents and Settings\Tera Stamper\Desktop\spybotsd162.exe -> [2010/07/12 15:29:58 | 016,409,960 | ---- | C] (Safer Networking Limited ) Microsoft Visual Studio -> C:\Program Files\Microsoft Visual Studio -> [2010/07/12 11:05:43 | 000,000,000 | ---D | C] Microsoft.NET -> C:\Program Files\Microsoft.NET -> [2010/07/12 11:04:17 | 000,000,000 | ---D | C] Microsoft Help -> C:\Documents and Settings\Tera Stamper\Local Settings\Application Data\Microsoft Help -> [2010/07/12 10:57:32 | 000,000,000 | ---D | C] Microsoft Help -> C:\Documents and Settings\All Users\Application Data\Microsoft Help -> [2010/07/12 10:57:20 | 000,000,000 | ---D | C] MSOCache -> C:\MSOCache -> [2010/07/12 10:53:44 | 000,000,000 | RH-D | C] stinger1001934.exe -> C:\Documents and Settings\Tera Stamper\Desktop\stinger1001934.exe -> [2010/07/12 10:51:14 | 008,251,911 | ---- | C] (McAfee Inc.) PCHealth -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth -> [2010/07/12 02:09:07 | 000,000,000 | ---D | C] MpSigStub.exe -> C:\WINDOWS\System32\MpSigStub.exe -> [2010/07/09 15:19:57 | 000,221,568 | ---- | C] (Microsoft Corporation) Windows Defender -> C:\Program Files\Windows Defender -> [2010/07/09 15:16:11 | 000,000,000 | ---D | C] Prefetch -> C:\WINDOWS\Prefetch -> [2010/07/09 03:20:26 | 000,000,000 | ---D | C] scripting -> C:\WINDOWS\System32\scripting -> [2010/07/08 17:15:58 | 000,000,000 | ---D | C] l2schemas -> C:\WINDOWS\l2schemas -> [2010/07/08 17:15:52 | 000,000,000 | ---D | C] en -> C:\WINDOWS\System32\en -> [2010/07/08 17:15:35 | 000,000,000 | ---D | C] bits -> C:\WINDOWS\System32\bits -> [2010/07/08 17:15:32 | 000,000,000 | ---D | C] network diagnostic -> C:\WINDOWS\network diagnostic -> [2010/07/08 14:27:06 | 000,000,000 | ---D | C] $NtServicePackUninstall$ -> C:\WINDOWS\$NtServicePackUninstall$ -> [2010/07/08 14:07:59 | 000,000,000 | -H-D | C] OTL.exe -> C:\Documents and Settings\Tera Stamper\Desktop\OTL.exe -> [2010/07/06 10:30:14 | 000,513,536 | ---- | C] (OldTimer Tools) SUPERAntiSpyware.com -> C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com -> [2010/07/01 12:47:15 | 000,000,000 | ---D | C] Little_Apps_(http___www.l -> C:\Documents and Settings\Tera Stamper\Local Settings\Application Data\Little_Apps_(http___www.l -> [2010/07/01 12:46:37 | 000,000,000 | ---D | C] SUPERAntiSpyware.com -> C:\Documents and Settings\Tera Stamper\Application Data\SUPERAntiSpyware.com -> [2010/07/01 12:46:29 | 000,000,000 | ---D | C] SUPERAntiSpyware -> C:\Program Files\SUPERAntiSpyware -> [2010/07/01 12:46:29 | 000,000,000 | ---D | C] Little Registry Cleaner -> C:\Program Files\Common Files\Little Registry Cleaner -> [2010/07/01 12:34:02 | 000,000,000 | ---D | C] Little Registry Cleaner -> C:\Program Files\Little Registry Cleaner -> [2010/07/01 11:57:21 | 000,000,000 | ---D | C] stinger1010843.exe -> C:\Documents and Settings\Tera Stamper\Desktop\stinger1010843.exe -> [2010/06/30 09:52:13 | 007,990,279 | ---- | C] (McAfee Inc.) iedvtool.dll -> C:\WINDOWS\System32\dllcache\iedvtool.dll -> [2010/06/30 08:36:02 | 000,743,424 | ---- | C] (Microsoft Corporation) Tific -> C:\Documents and Settings\Tera Stamper\Application Data\Tific -> [2010/06/29 22:35:56 | 000,000,000 | ---D | C] Symantec -> C:\Documents and Settings\Tera Stamper\Local Settings\Application Data\Symantec -> [2010/06/29 22:35:47 | 000,000,000 | ---D | C] Malwarebytes -> C:\Documents and Settings\Tera Stamper\Application Data\Malwarebytes -> [2010/06/29 15:12:38 | 000,000,000 | ---D | C] mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/06/29 15:12:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/06/29 15:12:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2010/06/29 15:12:28 | 000,000,000 | ---D | C] Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2010/06/29 15:12:27 | 000,000,000 | ---D | C] 5 C:\Documents and Settings\Tera Stamper\My Documents\*.tmp files -> C:\Documents and Settings\Tera Stamper\My Documents\*.tmp -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> [Files/Folders - Modified Within 30 Days] OTS.exe -> C:\Documents and Settings\Tera Stamper\Desktop\OTS.exe -> [2010/07/14 15:10:42 | 000,640,512 | ---- | M] (OldTimer Tools) MP Scheduled Scan.job -> C:\WINDOWS\tasks\MP Scheduled Scan.job -> [2010/07/14 15:05:59 | 000,000,330 | -H-- | M] () wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/07/14 15:05:17 | 000,002,206 | ---- | M] () SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/07/14 15:03:02 | 000,000,006 | -H-- | M] () bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/07/14 15:02:44 | 000,002,048 | --S- | M] () hiberfil.sys -> C:\hiberfil.sys -> [2010/07/14 15:02:35 | 1063,714,816 | -HS- | M] () NTUSER.DAT -> C:\Documents and Settings\Tera Stamper\NTUSER.DAT -> [2010/07/13 16:42:13 | 005,505,024 | -H-- | M] () ntuser.ini -> C:\Documents and Settings\Tera Stamper\ntuser.ini -> [2010/07/13 16:41:58 | 000,000,178 | -HS- | M] () GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Tera Stamper\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2010/07/13 16:01:50 | 000,130,440 | ---- | M] () FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010/07/13 15:56:28 | 000,429,392 | ---- | M] () win.ini -> C:\WINDOWS\win.ini -> [2010/07/13 14:25:37 | 000,000,607 | ---- | M] () Spybot - Search & Destroy.lnk -> C:\Documents and Settings\Tera Stamper\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk -> [2010/07/12 16:17:56 | 000,000,951 | ---- | M] () Spybot - Search & Destroy.lnk -> C:\Documents and Settings\Tera Stamper\Desktop\Spybot - Search & Destroy.lnk -> [2010/07/12 16:17:56 | 000,000,933 | ---- | M] () spybotsd162.exe -> C:\Documents and Settings\Tera Stamper\Desktop\spybotsd162.exe -> [2010/07/12 15:29:58 | 016,409,960 | ---- | M] (Safer Networking Limited ) AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2010/07/12 15:24:00 | 000,000,284 | ---- | M] () stinger1001934.opt -> C:\Documents and Settings\Tera Stamper\Desktop\stinger1001934.opt -> [2010/07/12 13:51:34 | 000,000,017 | ---- | M] () stinger1001934.exe -> C:\Documents and Settings\Tera Stamper\Desktop\stinger1001934.exe -> [2010/07/12 10:51:13 | 008,251,911 | ---- | M] (McAfee Inc.) WindowsDefender.msi -> C:\Documents and Settings\Tera Stamper\Desktop\WindowsDefender.msi -> [2010/07/09 14:33:57 | 005,154,304 | ---- | M] () imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010/07/09 10:31:30 | 000,001,355 | ---- | M] () PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2010/07/09 03:25:09 | 000,524,016 | ---- | M] () perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/07/09 03:25:09 | 000,443,034 | ---- | M] () perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/07/09 03:25:09 | 000,072,134 | ---- | M] () WMSysPr9.prx -> C:\WINDOWS\WMSysPr9.prx -> [2010/07/09 03:23:48 | 000,316,640 | ---- | M] () iis6.BAK -> C:\WINDOWS\iis6.BAK -> [2010/07/08 18:09:32 | 002,405,378 | ---- | M] () ntldr -> C:\ntldr -> [2010/07/08 14:18:17 | 000,250,048 | RHS- | M] () wklnhst.dat -> C:\Documents and Settings\Tera Stamper\Application Data\wklnhst.dat -> [2010/07/08 11:48:50 | 000,049,858 | ---- | M] () SUPERAntiSpyware Free Edition.lnk -> C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2010/07/01 12:46:45 | 000,000,780 | ---- | M] () Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/06/29 15:12:33 | 000,000,696 | ---- | M] () KGyGaAvL.sys -> C:\WINDOWS\System32\KGyGaAvL.sys -> [2010/06/29 14:43:24 | 000,006,580 | -HS- | M] () 5EC5001610.sys -> C:\WINDOWS\System32\5EC5001610.sys -> [2010/06/29 14:43:23 | 000,000,088 | RHS- | M] () 64 C:\Documents and Settings\Tera Stamper\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Tera Stamper\Local Settings\Temp\*.tmp -> 64 C:\Documents and Settings\Tera Stamper\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Tera Stamper\Local Settings\Temp\*.tmp -> 5 C:\Documents and Settings\Tera Stamper\My Documents\*.tmp files -> C:\Documents and Settings\Tera Stamper\My Documents\*.tmp -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> [Files - No Company Name] Spybot - Search & Destroy.lnk -> C:\Documents and Settings\Tera Stamper\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk -> [2010/07/12 16:17:56 | 000,000,951 | ---- | C] () Spybot - Search & Destroy.lnk -> C:\Documents and Settings\Tera Stamper\Desktop\Spybot - Search & Destroy.lnk -> [2010/07/12 16:17:56 | 000,000,933 | ---- | C] () stinger1001934.opt -> C:\Documents and Settings\Tera Stamper\Desktop\stinger1001934.opt -> [2010/07/12 13:51:34 | 000,000,017 | ---- | C] () MP Scheduled Scan.job -> C:\WINDOWS\tasks\MP Scheduled Scan.job -> [2010/07/09 15:19:20 | 000,000,330 | -H-- | C] () WindowsDefender.msi -> C:\Documents and Settings\Tera Stamper\Desktop\WindowsDefender.msi -> [2010/07/09 14:33:57 | 005,154,304 | ---- | C] () hiberfil.sys -> C:\hiberfil.sys -> [2010/07/08 10:31:29 | 1063,714,816 | -HS- | C] () gmer.exe -> C:\Documents and Settings\Tera Stamper\Desktop\gmer.exe -> [2010/07/06 10:29:09 | 000,293,376 | ---- | C] () SUPERAntiSpyware Free Edition.lnk -> C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2010/07/01 12:46:43 | 000,000,780 | ---- | C] () Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/06/29 15:12:33 | 000,000,696 | ---- | C] () MRT.INI -> C:\WINDOWS\System32\MRT.INI -> [2008/05/17 07:28:42 | 000,000,118 | ---- | C] () hpzids01.dll -> C:\WINDOWS\System32\hpzids01.dll -> [2007/03/20 21:27:30 | 000,077,824 | R--- | C] () wpd99.drv -> C:\WINDOWS\wpd99.drv -> [2007/03/18 18:06:55 | 000,000,107 | ---- | C] () pdfmona.dll -> C:\WINDOWS\System32\pdfmona.dll -> [2007/03/18 18:06:37 | 000,118,784 | ---- | C] () pdf995mon.dll -> C:\WINDOWS\System32\pdf995mon.dll -> [2007/03/18 18:06:37 | 000,051,716 | ---- | C] () ImportClient.INI -> C:\WINDOWS\ImportClient.INI -> [2006/12/18 12:04:13 | 000,000,081 | ---- | C] () msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2006/09/09 17:18:59 | 000,000,002 | ---- | C] () PretzelSpellCheck.dll -> C:\WINDOWS\System32\PretzelSpellCheck.dll -> [2006/09/09 17:13:06 | 000,053,248 | ---- | C] () Bti.ini -> C:\WINDOWS\Bti.ini -> [2006/09/09 17:12:37 | 000,000,751 | ---- | C] () Ptsaci40.dll -> C:\WINDOWS\System32\Ptsaci40.dll -> [2006/09/09 17:12:35 | 000,116,640 | ---- | C] () 101600C55E.sys -> C:\WINDOWS\System32\101600C55E.sys -> [2006/08/03 22:23:13 | 000,000,056 | RHS- | C] () GlobalUserInterface.CompositeFont -> C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006/06/29 14:58:52 | 000,030,808 | ---- | C] () GlobalSansSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> [2006/06/29 14:53:56 | 000,026,489 | ---- | C] () 5EC5001610.sys -> C:\WINDOWS\System32\5EC5001610.sys -> [2006/05/16 15:12:13 | 000,000,088 | RHS- | C] () KGyGaAvL.sys -> C:\WINDOWS\System32\KGyGaAvL.sys -> [2006/05/16 15:03:12 | 000,006,580 | -HS- | C] () smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2006/05/04 00:08:01 | 000,000,061 | ---- | C] () ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2006/05/04 00:02:51 | 000,000,376 | ---- | C] () wininit.ini -> C:\WINDOWS\wininit.ini -> [2006/05/03 23:54:26 | 000,000,138 | ---- | C] () rixdicon.dll -> C:\WINDOWS\System32\rixdicon.dll -> [2006/05/03 23:19:26 | 000,016,480 | ---- | C] () OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2006/05/03 23:18:46 | 000,000,390 | ---- | C] () GlobalSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSerif.CompositeFont -> [2006/04/18 15:39:28 | 000,029,779 | ---- | C] () GlobalMonospace.CompositeFont -> C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> [2006/04/18 15:39:28 | 000,026,040 | ---- | C] () fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2005/08/16 04:37:24 | 000,001,793 | ---- | C] () psisdecd.dll -> C:\WINDOWS\System32\psisdecd.dll -> [2005/08/05 14:01:54 | 000,239,104 | ---- | C] () px.ini -> C:\WINDOWS\System32\px.ini -> [2005/04/09 16:49:48 | 000,000,000 | ---- | C] () MSRTEDIT.DLL -> C:\WINDOWS\System32\MSRTEDIT.DLL -> [1999/01/22 13:46:58 | 000,065,536 | ---- | C] () [File - Lop Check] Cisco -> C:\Documents and Settings\All Users\Application Data\Cisco -> [2007/12/22 23:44:13 | 000,000,000 | ---D | M] pdf995 -> C:\Documents and Settings\All Users\Application Data\pdf995 -> [2007/03/18 18:06:38 | 000,000,000 | ---D | M] Rosetta Stone -> C:\Documents and Settings\All Users\Application Data\Rosetta Stone -> [2009/06/02 21:56:45 | 000,000,000 | ---D | M] TaxCut -> C:\Documents and Settings\All Users\Application Data\TaxCut -> [2010/02/27 17:42:19 | 000,000,000 | ---D | M] Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [2010/07/12 10:16:07 | 000,000,000 | ---D | M] {755AC846-7372-4AC8-8550-C52491DAA8BD} -> C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} -> [2009/12/04 19:04:25 | 000,000,000 | ---D | M] AICPA -> C:\Documents and Settings\Tera Stamper\Application Data\AICPA -> [2007/02/26 12:24:09 | 000,000,000 | ---D | M] Costco Photo Viewer US -> C:\Documents and Settings\Tera Stamper\Application Data\Costco Photo Viewer US -> [2007/07/01 09:15:53 | 000,000,000 | ---D | M] CVS -> C:\Documents and Settings\Tera Stamper\Application Data\CVS -> [2009/06/27 13:46:32 | 000,000,000 | ---D | M] Downloaded Installations -> C:\Documents and Settings\Tera Stamper\Application Data\Downloaded Installations -> [2006/12/18 12:34:00 | 000,000,000 | ---D | M] EBookSys -> C:\Documents and Settings\Tera Stamper\Application Data\EBookSys -> [2009/04/13 20:45:11 | 000,000,000 | ---D | M] Image Zone Express -> C:\Documents and Settings\Tera Stamper\Application Data\Image Zone Express -> [2007/04/19 09:53:13 | 000,000,000 | ---D | M] Leadertech -> C:\Documents and Settings\Tera Stamper\Application Data\Leadertech -> [2006/07/13 12:46:10 | 000,000,000 | ---D | M] Snapfish -> C:\Documents and Settings\Tera Stamper\Application Data\Snapfish -> [2007/05/08 10:04:51 | 000,000,000 | ---D | M] Southwest Airlines -> C:\Documents and Settings\Tera Stamper\Application Data\Southwest Airlines -> [2007/01/18 15:31:37 | 000,000,000 | ---D | M] TaxCut -> C:\Documents and Settings\Tera Stamper\Application Data\TaxCut -> [2010/02/27 17:46:58 | 000,000,000 | ---D | M] Template -> C:\Documents and Settings\Tera Stamper\Application Data\Template -> [2006/07/12 09:51:03 | 000,000,000 | ---D | M] Tific -> C:\Documents and Settings\Tera Stamper\Application Data\Tific -> [2010/06/29 22:35:56 | 000,000,000 | ---D | M] Viewpoint -> C:\Documents and Settings\Tera Stamper\Application Data\Viewpoint -> [2007/01/28 19:32:26 | 000,000,000 | ---D | M] Wal-Mart Digital Photo Viewer -> C:\Documents and Settings\Tera Stamper\Application Data\Wal-Mart Digital Photo Viewer -> [2006/12/28 15:20:30 | 000,000,000 | ---D | M] MP Scheduled Scan.job -> C:\WINDOWS\Tasks\MP Scheduled Scan.job -> [2010/07/14 15:05:59 | 000,000,330 | -H-- | M] () [File - Purity Scan] [Custom Scans] < netsvcs > < %SYSTEMDRIVE%\*.exe > StubInstaller.exe -> C:\StubInstaller.exe -> [2005/10/31 10:56:00 | 000,700,416 | ---- | M] (LimeWire) < MD5 Scans Start> < %systemdrive%\AGP440.SYS /md5 /s > AGP440.sys : .cab file -> C:\i386\sp2.cab:AGP440.sys -> [2004/08/10 05:00:00 | 016,971,599 | ---- | M] () AGP440.sys : .cab file -> C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys -> [2004/08/10 05:00:00 | 016,971,599 | ---- | M] () AGP440.sys : .cab file -> C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys -> [2010/07/08 14:07:52 | 023,852,652 | ---- | M] () AGP440.sys : .cab file -> C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys -> [2010/07/08 14:07:52 | 023,852,652 | ---- | M] () AGP440.sys : .cab file -> C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:AGP440.sys -> [2010/07/08 14:07:52 | 023,852,652 | ---- | M] () agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7 -> C:\WINDOWS\ServicePackFiles\i386\agp440.sys -> [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7 -> C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys -> [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7 -> C:\WINDOWS\system32\drivers\agp440.sys -> [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) AGP440.SYS : MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -> C:\i386\AGP440.SYS -> [2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) agp440.sys : MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -> C:\WINDOWS\$NtServicePackUninstall$\agp440.sys -> [2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) < %systemdrive%\ATAPI.SYS /md5 /s > atapi.sys : .cab file -> C:\i386\sp2.cab:atapi.sys -> [2004/08/10 05:00:00 | 016,971,599 | ---- | M] () atapi.sys : .cab file -> C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys -> [2004/08/10 05:00:00 | 016,971,599 | ---- | M] () atapi.sys : .cab file -> C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys -> [2010/07/08 14:07:52 | 023,852,652 | ---- | M] () atapi.sys : .cab file -> C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys -> [2010/07/08 14:07:52 | 023,852,652 | ---- | M] () atapi.sys : .cab file -> C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:atapi.sys -> [2010/07/08 14:07:52 | 023,852,652 | ---- | M] () atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674 -> C:\WINDOWS\ServicePackFiles\i386\atapi.sys -> [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674 -> C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys -> [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674 -> C:\WINDOWS\system32\drivers\atapi.sys -> [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -> C:\i386\atapi.sys -> [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -> C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -> [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -> C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys -> [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) < %systemdrive%\EVENTLOG.DLL /md5 /s > eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656 -> C:\WINDOWS\ServicePackFiles\i386\eventlog.dll -> [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656 -> C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll -> [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656 -> C:\WINDOWS\system32\eventlog.dll -> [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) eventlog.dll : MD5=82B24CB70E5944E6E34662205A2A5B78 -> C:\i386\eventlog.dll -> [2004/08/10 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) eventlog.dll : MD5=82B24CB70E5944E6E34662205A2A5B78 -> C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -> [2004/08/10 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) < %systemdrive%\NETLOGON.DLL /md5 /s > netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550 -> C:\WINDOWS\ServicePackFiles\i386\netlogon.dll -> [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550 -> C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll -> [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550 -> C:\WINDOWS\system32\netlogon.dll -> [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) netlogon.dll : MD5=6C476D33D82F1054849790181E8F7772 -> C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll -> [2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) netlogon.dll : MD5=96353FCECBA774BB8DA74A1C6507015A -> C:\i386\netlogon.dll -> [2004/08/10 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) netlogon.dll : MD5=96353FCECBA774BB8DA74A1C6507015A -> C:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll -> [2004/08/10 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) < %systemdrive%\SCECLI.DLL /md5 /s > scecli.dll : MD5=0F78E27F563F2AAF74B91A49E2ABF19A -> C:\i386\scecli.dll -> [2004/08/10 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) scecli.dll : MD5=0F78E27F563F2AAF74B91A49E2ABF19A -> C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -> [2004/08/10 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -> C:\WINDOWS\ServicePackFiles\i386\scecli.dll -> [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -> C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll -> [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -> C:\WINDOWS\system32\scecli.dll -> [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) < MD5 Scans End> < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > comsvcs.dll : Unable to obtain MD5 -> C:\WINDOWS\system32\comsvcs.dll -> [2008/04/13 19:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > default.sav -> C:\WINDOWS\system32\config\default.sav -> [2005/08/16 04:27:08 | 000,094,208 | ---- | M] () software.sav -> C:\WINDOWS\system32\config\software.sav -> [2005/08/16 04:27:08 | 000,659,456 | ---- | M] () system.sav -> C:\WINDOWS\system32\config\system.sav -> [2005/08/16 04:27:08 | 000,876,544 | ---- | M] () < %systemroot%\system32\drivers\*.sys /90 > mbam.sys -> C:\WINDOWS\system32\drivers\mbam.sys -> [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) mbamswissarmy.sys -> C:\WINDOWS\system32\drivers\mbamswissarmy.sys -> [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) SYMEVENT.SYS -> C:\WINDOWS\system32\drivers\SYMEVENT.SYS -> [2010/05/04 19:08:49 | 000,124,976 | ---- | M] (Symantec Corporation) Restore point Set: OTS Restore Point (0) [Files/Folders - Unicode - All] C:\WINDOWS\System32\?? -> C:\WINDOWS\System32\磰ૌ -> [2007/05/31 16:12:11 | 000,000,000 | ---D | C] C:\WINDOWS\System32\?? -> C:\WINDOWS\System32\磰ૌ -> [2007/05/31 16:12:11 | 000,000,000 | ---D | M] < End of report > [/code]