OTL logfile created on: 8/8/2010 1:13:55 AM - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Sesillia Vartanyan\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,014.00 Mb Total Physical Memory | 624.00 Mb Available Physical Memory | 62.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 82.78 Gb Total Space | 46.55 Gb Free Space | 56.23% Space Free | Partition Type: NTFS Drive D: | 9.35 Gb Total Space | 1.20 Gb Free Space | 12.81% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SESILLIAPC Current User Name: Sesillia Vartanyan Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010/08/08 00:56:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sesillia Vartanyan\Desktop\OTL.exe PRC - [2010/07/25 12:06:05 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe PRC - [2010/07/25 12:06:01 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2005/08/11 16:30:30 | 000,618,496 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe PRC - [2005/08/11 16:30:30 | 000,249,856 | ---- | M] (Macrovision Corporation) -- c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe PRC - [2005/08/11 16:30:30 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010/08/08 00:56:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sesillia Vartanyan\Desktop\OTL.exe MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\SESILL~1\LOCALS~1\Temp\catchme.sys -- (catchme) DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot) DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2006/04/17 13:29:06 | 000,569,856 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService) DRV - [2006/03/31 21:41:40 | 000,193,056 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2006/03/14 11:02:54 | 001,428,480 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R) DRV - [2005/12/22 17:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2005/11/16 20:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2005/11/01 18:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2005/10/13 02:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor) DRV - [2005/09/19 14:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb) DRV - [2005/09/19 14:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey) DRV - [2005/09/19 14:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr) DRV - [2005/08/22 08:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2005/08/22 08:06:16 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2005/08/22 08:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C) DRV - [2001/08/17 23:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2001/08/17 23:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001/08/17 23:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001/08/17 23:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001/08/17 23:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2001/08/17 22:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra) DRV - [2001/08/17 22:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2001/08/17 22:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2001/08/17 22:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2001/08/17 22:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2001/08/17 22:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2001/08/17 22:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc) DRV - [2001/08/17 22:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2001/08/17 22:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2001/08/17 22:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2281120290-584949905-2398814235-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-2281120290-584949905-2398814235-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "www.google.com" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0 FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.30 FF - prefs.js..network.proxy.share_proxy_settings: true FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/29 20:20:34 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/08 00:24:12 | 000,000,000 | ---D | M] [2009/12/06 15:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sesillia Vartanyan\Application Data\Mozilla\Extensions [2010/08/07 10:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sesillia Vartanyan\Application Data\Mozilla\Firefox\Profiles\zftk3tp2.default\extensions [2010/07/24 08:05:26 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Sesillia Vartanyan\Application Data\Mozilla\Firefox\Profiles\zftk3tp2.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644} [2010/08/03 20:01:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sesillia Vartanyan\Application Data\Mozilla\Firefox\Profiles\zftk3tp2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2009/12/06 15:23:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: ([2010/08/08 00:21:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O3 - HKU\S-1-5-21-2281120290-584949905-2398814235-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe () O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider) O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKU\S-1-5-21-2281120290-584949905-2398814235-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2281120290-584949905-2398814235-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2281120290-584949905-2398814235-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-2281120290-584949905-2398814235-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-2281120290-584949905-2398814235-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 68.94.156.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\Sesillia Vartanyan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sesillia Vartanyan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O32 - AutoRun File - [2004/04/30 14:01:14 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: LanmanWorkstation - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.LEAD - LCODCCMP.DLL File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point (17183584330711040) [color=#E56717]========== Files/Folders - Created Within 90 Days ==========[/color] [2010/08/08 01:10:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2010/08/08 00:56:05 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sesillia Vartanyan\Desktop\OTL.exe [2010/08/08 00:06:17 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010/08/07 23:43:10 | 002,133,536 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Sesillia Vartanyan\Desktop\avg_free_stb_all_9_115_cnet.exe [2010/08/07 23:18:49 | 000,718,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Sesillia Vartanyan\Desktop\avgremover(2).exe [2010/08/07 20:28:43 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2010/08/07 20:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sesillia Vartanyan\Local Settings\Application Data\Sunbelt Software [2010/08/05 18:33:40 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2010/08/05 18:33:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2010/08/05 18:31:14 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Sesillia Vartanyan\Desktop\spybotsd162.exe [2010/08/01 00:26:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sesillia Vartanyan\Desktop\Khosk Gab [2010/07/29 20:57:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe [2010/07/29 20:57:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2010/07/29 20:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun [2010/07/29 11:49:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sesillia Vartanyan\Application Data\QuickScan [2010/07/28 18:58:39 | 000,017,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\RkPavproc1.sys [2010/07/28 18:55:06 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys [2010/07/28 18:37:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010/07/28 18:37:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010/07/28 18:37:47 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010/07/28 18:37:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010/07/28 18:36:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010/07/28 18:31:26 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/07/27 21:21:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2010/07/22 21:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sesillia Vartanyan\Application Data\C3560C269260DEAC70AADE320846CE8B [2010/07/10 14:53:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sesillia Vartanyan\Application Data\U3 [2010/07/09 19:48:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sesillia Vartanyan\Desktop\biz [2010/05/24 17:51:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sesillia Vartanyan\Desktop\Disneyland and Temecula [2010/05/23 13:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 90 Days ==========[/color] [2010/08/08 01:08:11 | 000,001,405 | ---- | M] () -- C:\hpqp.ini [2010/08/08 01:08:10 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini [2010/08/08 01:08:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/08/08 01:08:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/08/08 01:08:01 | 1063,374,848 | -HS- | M] () -- C:\hiberfil.sys [2010/08/08 00:56:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sesillia Vartanyan\Desktop\OTL.exe [2010/08/08 00:53:08 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Sesillia Vartanyan\Desktop\gmer.zip [2010/08/08 00:31:45 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010/08/08 00:24:12 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2010/08/08 00:21:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010/08/08 00:20:10 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\Sesillia Vartanyan\NTUSER.DAT [2010/08/08 00:20:10 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Sesillia Vartanyan\ntuser.ini [2010/08/08 00:06:25 | 000,000,281 | RHS- | M] () -- C:\boot.ini [2010/08/07 23:43:32 | 002,133,536 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Sesillia Vartanyan\Desktop\avg_free_stb_all_9_115_cnet.exe [2010/08/07 23:22:01 | 003,816,812 | R--- | M] () -- C:\Documents and Settings\Sesillia Vartanyan\Desktop\ComboFix.exe [2010/08/07 23:18:49 | 000,718,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Sesillia Vartanyan\Desktop\avgremover(2).exe [2010/08/07 20:28:43 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2010/08/05 18:33:52 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Sesillia Vartanyan\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2010/08/05 18:33:52 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Sesillia Vartanyan\Desktop\Spybot - Search & Destroy.lnk [2010/08/05 18:31:32 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Sesillia Vartanyan\Desktop\spybotsd162.exe [2010/08/05 06:39:58 | 004,843,712 | -H-- | M] () -- C:\Documents and Settings\Sesillia Vartanyan\Local Settings\Application Data\IconCache.db [2010/08/01 00:40:38 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Sesillia Vartanyan\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk [2010/08/01 00:40:38 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Sesillia Vartanyan\Desktop\Windows Media Player.lnk [2010/08/01 00:33:11 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Sesillia Vartanyan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/07/29 12:00:26 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Sesillia Vartanyan\Local Settings\Application Data\housecall.guid.cache [2010/07/28 18:18:14 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/07/28 18:08:20 | 000,000,461 | ---- | M] () -- C:\WINDOWS\win.ini [2010/07/28 18:08:20 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2010/07/15 22:54:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/06/27 11:06:39 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Sesillia Vartanyan\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk [2010/06/12 03:22:56 | 000,252,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/06/12 03:06:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010/08/08 00:53:05 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Sesillia Vartanyan\Desktop\gmer.zip [2010/08/08 00:06:24 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2010/08/08 00:06:19 | 000,260,272 | ---- | C] () -- C:\cmldr [2010/08/07 23:21:01 | 003,816,812 | R--- | C] () -- C:\Documents and Settings\Sesillia Vartanyan\Desktop\ComboFix.exe [2010/08/05 18:33:52 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Sesillia Vartanyan\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2010/08/05 18:33:52 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Sesillia Vartanyan\Desktop\Spybot - Search & Destroy.lnk [2010/08/01 00:40:38 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Sesillia Vartanyan\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk [2010/08/01 00:40:38 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Sesillia Vartanyan\Desktop\Windows Media Player.lnk [2010/07/29 12:00:26 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Sesillia Vartanyan\Local Settings\Application Data\housecall.guid.cache [2010/07/28 18:37:48 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010/07/28 18:37:47 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010/07/28 18:37:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010/07/28 18:37:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010/07/28 18:37:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010/07/28 18:09:13 | 1063,374,848 | -HS- | C] () -- C:\hiberfil.sys [2010/07/15 22:54:38 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2007/12/05 16:41:19 | 000,000,027 | ---- | C] () -- C:\WINDOWS\SmartAudio.INI [2007/09/05 13:44:30 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2006/11/04 20:49:10 | 000,000,037 | ---- | C] () -- C:\WINDOWS\QTW.INI [2006/07/23 15:58:05 | 000,000,166 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI [2006/07/23 15:55:07 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini [2006/07/23 15:29:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006/07/23 15:25:40 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2006/03/27 10:00:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006/03/27 09:20:24 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2006/03/27 09:17:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini [2005/12/02 11:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2005/05/05 19:06:32 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll [color=#E56717]========== LOP Check ==========[/color] [2010/08/07 23:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9 [2006/09/13 12:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies [2008/12/01 18:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings [2008/05/19 11:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel [2008/05/22 12:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SPSS [2007/01/12 12:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2009/08/24 22:07:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864} [2008/11/20 22:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\agi [2010/07/22 21:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sesillia Vartanyan\Application Data\C3560C269260DEAC70AADE320846CE8B [2010/04/02 00:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sesillia Vartanyan\Application Data\Facebook [2010/07/29 11:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sesillia Vartanyan\Application Data\QuickScan [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color] [2007/12/16 22:21:29 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe [2010/07/28 18:08:20 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2010/08/08 00:06:25 | 000,000,281 | RHS- | M] () -- C:\boot.ini [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr [2010/08/08 00:33:26 | 000,013,571 | ---- | M] () -- C:\ComboFix.txt [2010/08/08 01:08:01 | 1063,374,848 | -HS- | M] () -- C:\hiberfil.sys [2010/08/08 01:08:11 | 000,001,405 | ---- | M] () -- C:\hpqp.ini [2006/11/04 20:49:12 | 000,000,000 | ---- | M] () -- C:\IO.SYS [2008/05/22 12:44:46 | 000,000,000 | ---- | M] () -- C:\law.sp [2006/11/04 20:49:12 | 000,000,000 | ---- | M] () -- C:\MSDOS.SYS [2004/08/04 14:00:00 | 000,047,564 | RHS- | M] () -- C:\ntdetect.com [2009/12/06 16:20:04 | 000,250,048 | RHS- | M] () -- C:\ntldr [2010/08/08 01:08:00 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys [2009/05/17 14:48:06 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm [2009/05/21 21:29:42 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm [2009/05/26 19:19:40 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm [2009/06/04 20:08:30 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm [2009/06/09 21:33:42 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm [2009/06/18 22:43:17 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm [2009/08/01 14:06:41 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm [2009/08/10 21:21:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm [2009/08/16 13:20:58 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm [2009/10/05 21:08:49 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm [2009/11/01 11:02:15 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm [2009/11/08 18:16:29 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm [2009/11/15 14:52:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm [2009/11/22 21:56:19 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm [2009/11/30 20:46:36 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm [2009/04/14 21:38:37 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm [2009/04/14 21:39:07 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm [2009/04/17 18:55:46 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm [2009/04/17 18:56:08 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm [2009/05/10 13:31:27 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm [2009/05/17 14:48:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm [2009/05/21 21:29:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm [2009/05/26 19:19:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm [2009/06/04 20:08:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm [2009/06/09 21:33:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm [2009/06/18 22:43:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm [2009/08/01 14:06:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm [2009/08/10 21:21:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm [2009/08/16 13:20:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm [2009/10/05 21:08:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm [2009/11/01 11:02:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm [2009/11/08 18:16:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm [2009/11/15 14:52:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm [2009/11/22 21:56:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm [2009/11/30 20:46:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm [2009/04/14 21:38:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm [2009/04/14 21:39:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm [2009/04/17 18:55:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm [2009/04/17 18:56:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm [2009/05/10 13:31:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm [2009/12/04 21:03:48 | 000,050,534 | ---- | M] () -- C:\VETlog.dmp [2010/08/08 01:08:10 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini [color=#A23BEC]< %systemroot%\system32\*.wt >[/color] [color=#A23BEC]< %systemroot%\system32\*.ruy >[/color] [color=#A23BEC]< %systemroot%\Fonts\*.com >[/color] [color=#A23BEC]< %systemroot%\Fonts\*.dll >[/color] [2005/09/24 09:49:16 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll [color=#A23BEC]< %systemroot%\Fonts\*.ini >[/color] [2006/03/27 08:59:18 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini [color=#A23BEC]< %systemroot%\Fonts\*.ini2 >[/color] [color=#A23BEC]< %systemroot%\Fonts\*.exe >[/color] [color=#A23BEC]< %systemroot%\system32\spool\prtprocs\w32x86\*.* >[/color] [2003/06/18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll [color=#A23BEC]< %systemroot%\REPAIR\*.bak1 >[/color] [color=#A23BEC]< %systemroot%\REPAIR\*.ini >[/color] [color=#A23BEC]< %systemroot%\system32\*.jpg >[/color] [color=#A23BEC]< %systemroot%\*.jpg >[/color] [color=#A23BEC]< %systemroot%\*.png >[/color] [color=#A23BEC]< %systemroot%\*.scr >[/color] [color=#A23BEC]< %systemroot%\*._sy >[/color] [color=#A23BEC]< %APPDATA%\Adobe\Update\*.* >[/color] [color=#A23BEC]< %ALLUSERSPROFILE%\Favorites\*.* >[/color] [color=#A23BEC]< %APPDATA%\Microsoft\*.* >[/color] [color=#A23BEC]< %PROGRAMFILES%\*.* >[/color] [color=#A23BEC]< %APPDATA%\Update\*.* >[/color] [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color] [2006/03/27 00:48:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2006/03/27 00:48:50 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color] [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-14 04:53:37 < End of report >