OTL logfile created on: 11/26/2010 3:13:12 PM - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\hedge\Desktop Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18975) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 449.13 Gb Total Space | 320.54 Gb Free Space | 71.37% Space Free | Partition Type: NTFS Drive D: | 124.00 Mb Total Space | 124.00 Mb Free Space | 100.00% Space Free | Partition Type: FAT32 Drive E: | 15.00 Gb Total Space | 14.90 Gb Free Space | 99.35% Space Free | Partition Type: NTFS Drive M: | 1.92 Gb Total Space | 1.92 Gb Free Space | 99.67% Space Free | Partition Type: FAT Computer Name: HEDGE-PC | User Name: hedge | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010/11/26 15:08:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\hedge\Desktop\OTL.scr PRC - [2010/11/26 15:06:02 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\hedge\Desktop\OTH.scr PRC - [2010/11/24 09:12:53 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe PRC - [2010/09/23 08:31:46 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe PRC - [2010/07/21 08:42:15 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe PRC - [2010/07/16 07:11:41 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files\AVG\AVG9\avgrsx.exe PRC - [2010/07/16 07:11:40 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe PRC - [2010/07/16 07:11:10 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2008/01/19 02:33:01 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe PRC - [2006/11/18 10:01:26 | 000,195,032 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe PRC - [2006/11/18 10:00:48 | 000,550,872 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe PRC - [2006/11/18 10:00:06 | 000,174,552 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe PRC - [2006/11/18 09:59:38 | 000,081,880 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe PRC - [2006/11/18 09:59:02 | 000,032,216 | ---- | M] () -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe PRC - [2006/10/29 12:03:30 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe PRC - [2006/09/29 15:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010/11/26 15:08:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\hedge\Desktop\OTL.scr MOD - [2010/09/20 04:25:01 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll MOD - [2010/09/04 10:22:38 | 000,653,120 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll MOD - [2010/09/04 10:22:38 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll MOD - [2010/09/04 10:22:35 | 000,159,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806\ATL90.dll MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll MOD - [2010/07/16 07:11:41 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll MOD - [2010/03/25 09:25:22 | 004,222,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL MOD - [2010/03/24 20:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll MOD - [2010/01/30 01:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2008/08/27 22:40:11 | 000,712,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll MOD - [2008/01/19 02:38:03 | 000,242,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll MOD - [2008/01/19 02:36:40 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll MOD - [2008/01/19 02:36:10 | 000,225,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll MOD - [2008/01/19 02:35:37 | 002,226,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll MOD - [2008/01/19 02:34:07 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll MOD - [2008/01/19 02:34:00 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll MOD 
- [2008/01/19 02:33:42 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Unknown | Stopped] -- C:\Windows\System32\wscsvc.dll -- (wscsvc) SRV - [2010/07/21 08:42:15 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc) SRV - [2010/07/16 07:11:40 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd) SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010/03/25 09:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2006/11/18 10:01:26 | 000,195,032 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel(R) SRV - [2006/11/18 10:00:48 | 000,550,872 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel(R) SRV - [2006/11/18 10:00:06 | 000,174,552 | ---- | M] (Intel(R) Corporation) [Auto | Running] 
-- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel(R) SRV - [2006/11/18 09:59:38 | 000,081,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel(R) SRV - [2006/11/18 09:59:02 | 000,032,216 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel(R) Viiv(TM) SRV - [2006/10/29 12:03:30 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService) SRV - [2006/09/29 15:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DDMI2.sys -- (SDDMI2) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive) DRV - [2010/07/22 06:37:29 | 000,108,480 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2010/07/16 07:11:42 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX) DRV - [2010/07/16 07:11:11 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86) DRV - [2010/06/03 07:07:40 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2010/01/01 12:20:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV - [2008/01/19 00:53:23 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM) DRV - [2007/09/12 05:28:00 | 007,623,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007/02/16 23:37:59 | 000,005,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH) DRV - [2007/02/15 19:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL) DRV - [2006/11/18 10:01:08 | 000,018,904 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP) DRV - [2006/11/16 10:10:44 | 000,214,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R) DRV - [2006/11/14 16:32:22 | 000,077,952 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\mv61xx.sys -- (mv61xx) DRV - [2006/11/02 12:39:42 | 000,812,032 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2006/11/02 04:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2006/11/02 04:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2006/11/02 04:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2006/10/19 18:49:48 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr) DRV - [2006/09/29 14:59:58 | 000,250,368 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor) DRV - [2006/09/27 19:37:24 | 000,028,672 | --S- | M] (Gteko Ltd.) 
[Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsgopro.sys -- (nmsgopro) DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI32) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "www.yahoo.com" FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.91 FF - prefs.js..network.proxy.no_proxies_on: "*.local" [2008/11/29 18:33:53 | 000,000,000 | ---D | M] -- C:\Users\hedge\AppData\Roaming\Mozilla\Extensions [2008/11/29 18:39:38 | 000,000,000 | ---D | M] -- C:\Users\hedge\AppData\Roaming\Mozilla\Firefox\Profiles\vhnfx17r.default\extensions [2008/11/29 18:39:37 | 000,000,000 | ---D | M] (AI Roboform Toolbar for Firefox) -- C:\Users\hedge\AppData\Roaming\Mozilla\Firefox\Profiles\vhnfx17r.default\extensions\{22119944-ED35-4ab1-910B-E619EA06A115} O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, 
s.r.o.) O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems) O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel(R) Corporation) O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.) 
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) O4 - HKCU..\Run: [eyeBeam SIP Client] File not found O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation) O4 - HKCU..\Run: [Paladin Antivirus] C:\Program Files\Paladin Antivirus\pav.exe File not found O4 - HKCU..\Run: [QuickenScheduledUpdates] C:\Program Files\Quicken\bagent.exe (Intuit Inc.) O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident\4.0; File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html () O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 
'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\NPJPI150_10.dll (Sun Microsystems, Inc.) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm File not found O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm File not 
found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: daimlerchrysler.com ([sodddm05.extra] https in Trusted sites) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://sodddm05.extra.daimlerchrysler.com/iNotes6W.cab (iNotes6 Class) O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/pr02/resources/VistaMSNPUplden-us.cab (MSN Photo Upload Tool) O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5-windows-i586.cab (Java Plug-in 1.5.0_10) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://sodddm05.extra.daimlerchrysler.com/dwa7W.cab (Domino Web Access 7 Control) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not 
found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010/11/26 15:06:21 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\hedge\Desktop\OTL.scr [2010/11/26 15:05:59 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Users\hedge\Desktop\OTH.scr [2010/11/25 20:40:48 | 000,000,000 | ---D | C] -- C:\Users\hedge\Desktop\HijackThis [2010/11/11 03:01:42 | 000,000,000 | ---D | C] -- C:\29d1f9feb7f61ee434fe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010/11/26 15:12:04 | 000,607,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/11/26 15:12:04 | 000,104,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/11/26 15:11:26 | 068,143,771 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2010/11/26 15:09:32 | 000,002,571 | ---- | M] () -- C:\Users\hedge\Desktop\Microsoft Excel 2010.lnk [2010/11/26 15:09:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/11/26 15:08:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\hedge\Desktop\OTL.scr [2010/11/26 15:07:50 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010/11/26 15:07:28 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4B7378AA-C85B-4444-91EB-6C0AE6F491B4}.job [2010/11/26 15:06:02 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\hedge\Desktop\OTH.scr [2010/11/26 15:05:24 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/11/26 15:05:18 | 000,003,168 | -H-- | M] () 
-- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/26 15:05:18 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/26 15:05:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/26 15:05:04 | 2142,896,128 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/25 21:50:40 | 000,002,613 | ---- | M] () -- C:\Users\hedge\Desktop\Microsoft Word 2010.lnk
[2010/11/25 20:15:38 | 000,000,852 | ---- | M] () -- C:\Users\hedge\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/11/25 20:15:38 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/11 22:04:20 | 000,149,022 | ---- | M] () -- C:\Windows\hpoins19.dat
[2010/11/11 20:02:54 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/31 07:09:48 | 000,020,828 | ---- | M] () -- C:\Windows\System32\Support.xml
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2010/11/26 15:05:04 | 2142,896,128 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/25 20:15:38 | 000,000,852 | ---- | C] () -- C:\Users\hedge\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/09/04 11:17:07 | 000,026,939 | ---- | C] () -- C:\Users\hedge\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/04/13 19:44:54 | 000,000,165 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/09/06 10:51:36 | 008,673,792 | ---- | C] () -- C:\ProgramData\atscie.msi
[2009/08/22 10:41:46 | 000,001,370 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/06/22 13:44:27 | 000,000,000 | ---- | C] () -- C:\Windows\Setup32.INI
[2009/06/22 13:44:16 | 000,000,208 | ---- | C] () -- C:\Windows\TLCAPPS.INI
[2008/09/11 00:35:21 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2007/04/03 19:12:21 |
000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007/03/10 13:35:16 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2007/02/19 22:13:55 | 000,027,648 | ---- | C] () -- C:\Users\hedge\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/02 07:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/06/23 12:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2006/01/24 11:33:16 | 000,221,184 | ---- | C] () -- C:\Windows\System32\ExpLoansFromGenesis.dll
[2003/11/12 10:16:58 | 000,061,440 | ---- | C] () -- C:\Windows\System32\GNetParserX.dll
[2002/07/26 21:24:58 | 000,790,528 | ---- | C] () -- C:\Windows\System32\FreeImageX.dll
[2000/02/17 14:57:02 | 000,225,280 | ---- | C] () -- C:\Windows\System32\GN32.DLL
[1999/10/13 15:59:48 | 000,028,672 | ---- | C] () -- C:\Windows\System32\GNS2KZIP.DLL

[color=#E56717]========== LOP Check ==========[/color]
[2009/02/28 14:30:13 | 000,000,000 | ---D | M] -- C:\Users\hedge\AppData\Roaming\ASAP Utilities
[2010/03/15 11:41:39 | 000,000,000 | ---D | M] -- C:\Users\hedge\AppData\Roaming\deskUNPDF
[2010/01/19 19:24:07 | 000,000,000 | ---D | M] -- C:\Users\hedge\AppData\Roaming\LEGO Company
[2007/03/10 13:36:26 | 000,000,000 | ---D | M] -- C:\Users\hedge\AppData\Roaming\SlySoft
[2010/03/15 11:41:19 | 000,000,000 | ---D | M] -- C:\Users\hedge\AppData\Roaming\Smart PDF Converter Pro
[2008/10/15 19:00:29 | 000,000,000 | ---D | M] -- C:\Users\hedge\AppData\Roaming\Snapfish
[2010/09/16 02:18:32 | 000,000,000 | ---D | M] -- C:\Users\hedge\AppData\Roaming\uTorrent
[2010/11/25 20:22:07 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/26 15:07:28 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4B7378AA-C85B-4444-91EB-6C0AE6F491B4}.job

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Custom Scans
==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color]
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/19 02:45:45 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2007/01/30 13:35:10 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2007/02/16 23:30:35 | 000,029,385 | ---- | M] () -- C:\caavsetupLog.txt
[2007/03/10 10:52:39 | 000,015,818 | ---- | M] () -- C:\caisslog.txt
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/11/26 15:05:04 | 2142,896,128 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/22 13:44:27 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/06/22 13:44:27 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007/08/14 16:55:38 | 000,000,826 | ---- | M] () -- C:\net_save.dna
[2010/11/26 15:05:02 | 2458,836,992 | -HS- | M] () -- C:\pagefile.sys
[2010/02/10 22:16:26 | 000,000,681 | ---- | M] () -- C:\rkill.log
[2008/03/22 03:12:06 | 000,000,440 | ---- | M] () -- C:\RoboFormDataHere.txt

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/14 03:03:36 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 --
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/14 03:03:35 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 04:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 02:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

[color=#A23BEC]< MD5 for: WININIT.EXE >[/color]
[2008/01/19 02:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/19 02:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006/11/02 04:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

[color=#A23BEC]< %systemroot%\Fonts\*.com >[/color]
[2006/11/02 07:35:26 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:35:26 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:35:26 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:35:26 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[color=#A23BEC]< %systemroot%\Fonts\*.dll >[/color]
[color=#A23BEC]< %systemroot%\Fonts\*.ini >[/color]
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
[color=#A23BEC]< %systemroot%\Fonts\*.ini2 >[/color]
[color=#A23BEC]< %systemroot%\Fonts\*.exe >[/color]
[color=#A23BEC]< %systemroot%\system32\spool\prtprocs\w32x86\*.* >[/color]
[2008/01/19 02:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 07:34:09 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 19:56:12 | 000,033,104 |
---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[color=#A23BEC]< %systemroot%\REPAIR\*.bak1 >[/color]
[color=#A23BEC]< %systemroot%\REPAIR\*.ini >[/color]
[color=#A23BEC]< %systemroot%\system32\*.jpg >[/color]
[color=#A23BEC]< %systemroot%\*.jpg >[/color]
[color=#A23BEC]< %systemroot%\*.png >[/color]
[color=#A23BEC]< %systemroot%\*.scr >[/color]
[color=#A23BEC]< %systemroot%\*._sy >[/color]
[color=#A23BEC]< %APPDATA%\Adobe\Update\*.* >[/color]
[color=#A23BEC]< %ALLUSERSPROFILE%\Favorites\*.* >[/color]
[color=#A23BEC]< %APPDATA%\Microsoft\*.* >[/color]
[color=#A23BEC]< %PROGRAMFILES%\*.* >[/color]
[2008/09/11 19:23:19 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[color=#A23BEC]< %APPDATA%\Update\*.* >[/color]
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
[color=#A23BEC]< %PROGRAMFILES%\bak. /s >[/color]
[color=#A23BEC]< %systemroot%\system32\bak.
/s >[/color]
[color=#A23BEC]< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >[/color]
[color=#A23BEC]< %systemroot%\system32\config\systemprofile\*.dat /x >[/color]
[color=#A23BEC]< %systemroot%\*.config >[/color]
[color=#A23BEC]< %systemroot%\system32\*.db >[/color]
[color=#A23BEC]< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >[/color]
[2009/04/05 19:28:07 | 000,000,436 | -HS- | M] () -- C:\Users\hedge\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[color=#A23BEC]< %USERPROFILE%\Desktop\*.exe >[/color]
[color=#A23BEC]< %PROGRAMFILES%\Common Files\*.* >[/color]
[color=#A23BEC]< %systemroot%\*.src >[/color]
[color=#A23BEC]< %systemroot%\install\*.* >[/color]
[color=#A23BEC]< %systemroot%\system32\DLL\*.* >[/color]
[color=#A23BEC]< %systemroot%\system32\HelpFiles\*.* >[/color]
[color=#A23BEC]< %systemroot%\system32\rundll\*.* >[/color]
[color=#A23BEC]< %systemroot%\winn32\*.* >[/color]
[color=#A23BEC]< %systemroot%\Java\*.* >[/color]
[color=#A23BEC]< %systemroot%\system32\test\*.* >[/color]
[color=#A23BEC]< %systemroot%\system32\Rundll32\*.* >[/color]
[color=#A23BEC]< %systemroot%\AppPatch\Custom\*.* >[/color]
[color=#A23BEC]< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >[/color]
[color=#A23BEC]< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >[/color]
[color=#A23BEC]< %PROGRAMFILES%\Internet Explorer\*.tmp >[/color]
[color=#A23BEC]< %PROGRAMFILES%\Internet Explorer\*.dat >[/color]
[color=#A23BEC]< %USERPROFILE%\My Documents\*.exe >[/color]
[color=#A23BEC]< %USERPROFILE%\*.exe >[/color]
[2010/04/08 12:00:44 | 000,060,744 | ---- | M] () -- C:\Users\hedge\g2mdlhlpx.exe
[2009/03/07 17:56:54 | 000,060,968 | ---- | M] () -- C:\Users\hedge\GoToAssistDownloadHelper.exe
[color=#A23BEC]< %systemroot%\ADDINS\*.* >[/color]
[2006/11/02 07:33:56 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf
[color=#A23BEC]< %systemroot%\assembly\*.bak2 >[/color]
[color=#A23BEC]< %systemroot%\Config\*.* >[/color]
[color=#A23BEC]<
%systemroot%\REPAIR\*.bak2 >[/color]
[color=#A23BEC]< %systemroot%\SECURITY\Database\*.sdb /x >[/color]
[color=#A23BEC]< %systemroot%\SYSTEM\*.bak2 >[/color]
[color=#A23BEC]< %systemroot%\Web\*.bak2 >[/color]
[color=#A23BEC]< %systemroot%\Driver Cache\*.* >[/color]
[color=#A23BEC]< %PROGRAMFILES%\Mozilla Firefox\0*.exe >[/color]
[color=#A23BEC]< %ProgramFiles%\Microsoft Common\*.* >[/color]
[color=#A23BEC]< %ProgramFiles%\TinyProxy. >[/color]
[color=#A23BEC]< %USERPROFILE%\Favorites\*.url /x >[/color]
[2007/08/30 03:33:08 | 000,000,402 | -HS- | M] () -- C:\Users\hedge\Favorites\desktop.ini
[color=#A23BEC]< %systemroot%\system32\*.bk >[/color]
[color=#A23BEC]< %systemroot%\*.te >[/color]
[color=#A23BEC]< %systemroot%\system32\system32\*.* >[/color]
[color=#A23BEC]< %ALLUSERSPROFILE%\*.dat /x >[/color]
[2010/10/26 21:06:29 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib
[2009/09/06 10:51:37 | 008,673,792 | ---- | M] () -- C:\ProgramData\atscie.msi
[2010/11/11 22:04:21 | 000,001,370 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2009/04/10 11:19:42 | 000,000,418 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[color=#A23BEC]< %systemroot%\system32\drivers\*.rmv >[/color]
[color=#A23BEC]< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >[/color]
[color=#A23BEC]< dir /b "%systemroot%\*.exe" | find /i " " /c >[/color]
[color=#A23BEC]< %PROGRAMFILES%\Microsoft\*.* >[/color]
[color=#A23BEC]< %systemroot%\System32\Wbem\proquota.exe >[/color]
[color=#A23BEC]< %PROGRAMFILES%\Mozilla Firefox\*.dat >[/color]
[color=#A23BEC]< %USERPROFILE%\Cookies\*.txt /x >[/color]
[color=#A23BEC]< %SystemRoot%\system32\fonts\*.* >[/color]
[color=#A23BEC]< %systemroot%\system32\winlog\*.* >[/color]
[color=#A23BEC]< %systemroot%\system32\Language\*.* >[/color]
[color=#A23BEC]< %systemroot%\system32\Settings\*.* >[/color]
[color=#A23BEC]< %systemroot%\system32\*.quo >[/color]
[color=#A23BEC]< %SYSTEMROOT%\AppPatch\*.exe >[/color]
[color=#A23BEC]< %SYSTEMROOT%\inf\*.exe >[/color]
[color=#A23BEC]< %SYSTEMROOT%\Installer\*.exe >[/color]
[color=#A23BEC]< %systemroot%\system32\config\*.bak2 >[/color]
[color=#A23BEC]< %systemroot%\system32\Computers\*.* >[/color]
[color=#A23BEC]< %SystemRoot%\system32\Sound\*.* >[/color]
[color=#A23BEC]< %SystemRoot%\system32\SpecialImg\*.* >[/color]
[color=#A23BEC]< %SystemRoot%\system32\code\*.* >[/color]
[color=#A23BEC]< %SystemRoot%\system32\draft\*.* >[/color]
[color=#A23BEC]< %SystemRoot%\system32\MSSSys\*.* >[/color]
[color=#A23BEC]< %ProgramFiles%\Javascript\*.* >[/color]
[color=#A23BEC]< %systemroot%\pchealth\helpctr\System\*.exe /s >[/color]
[color=#A23BEC]< %systemroot%\Web\*.exe >[/color]
[color=#A23BEC]< %systemroot%\system32\msn\*.* >[/color]
[color=#A23BEC]< %systemroot%\system32\*.tro >[/color]
[color=#A23BEC]< %AppData%\Microsoft\Installer\msupdates\*.* >[/color]
[color=#A23BEC]< %ProgramFiles%\Messenger\*.exe >[/color]
[color=#A23BEC]< %systemroot%\system32\systhem32\*.* >[/color]
[color=#A23BEC]< %systemroot%\system\*.exe >[/color]
[1999/09/10 12:06:00 | 000,004,672 | ---- | M] (Adaptec) -- C:\Windows\system\WOWPOST.EXE
[color=#A23BEC]< %USERPROFILE%\Templates\*.tmp >[/color]
[color=#A23BEC]< %SYSTEMDRIVE%\explorexxx.exe\*.* >[/color]
[color=#A23BEC]< %Windir%\Installer\*.tmp >[/color]
[color=#A23BEC]< %systemroot%\System32\*.xco >[/color]
[color=#A23BEC]< %ProgramFiles%\system32\*.* >[/color]
[color=#A23BEC]< %systemroot%\System32\windos\*.* >[/color]
[color=#A23BEC]< %SystemRoot%\system32\sandbox\*.* >[/color]
[color=#A23BEC]< %SystemRoot%\system32\*.amo >[/color]
[color=#A23BEC]< %SystemRoot%\system32\Windows Live\*.* >[/color]
[color=#A23BEC]< %ProgramFiles%\logs\*.* >[/color]
[color=#A23BEC]< %ProgramFiles%\Bifrost\*.* >[/color]
[color=#A23BEC]< %SystemRoot%\system32\*.goo >[/color]
[color=#A23BEC]< %systemroot%\system32\IME\*.* >[/color]
[color=#A23BEC]< %systemroot%\BackUp\*.* >[/color]
[color=#A23BEC]< %systemroot%\system32\*.ico >[/color]
[2006/09/18 16:31:55 | 000,107,620 | ---- | M]
() -- C:\Windows\System32\acwizard.ico
[color=#A23BEC]< %systemroot%\system\*.dat >[/color]
[color=#A23BEC]< %systemroot%\system\*.exe >[/color]
[1999/09/10 12:06:00 | 000,004,672 | ---- | M] (Adaptec) -- C:\Windows\system\WOWPOST.EXE
[color=#A23BEC]< %AppData%\Macromedia\Common\*.* >[/color]
[color=#A23BEC]< %SYSTEMDRIVE%\dir\*.* /s >[/color]
[color=#A23BEC]< %systemroot%\system32\ras\*.exe >[/color]
[color=#A23BEC]< %SYSTEMDRIVE%\MFILES\*.* >[/color]
[color=#A23BEC]< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >[/color]
[color=#A23BEC]< %systemroot%\system32\services\*.* >[/color]
[color=#A23BEC]< %systemroot%\Spooler\*.* >[/color]
[color=#A23BEC]< %ProgramFiles%\system32\*.* >[/color]
[color=#A23BEC]< %systemroot%\system32\Setup\*.dll /x >[/color]
[color=#A23BEC]< %systemroot%\system32\*.mine >[/color]
[color=#A23BEC]< %SYSTEMDRIVE%\cleansweep.exe\*.* >[/color]
[color=#A23BEC]< %systemroot%\system32\ras\*.dll >[/color]
[color=#A23BEC]< %systemroot%\system32\ras\*.drv >[/color]
[color=#A23BEC]< %systemroot%\*.iq >[/color]
[color=#A23BEC]< %systemroot%\system32\XP\*.* >[/color]
[color=#A23BEC]< %SYSTEMDRIVE%\Extracted\*.* >[/color]
[color=#A23BEC]< %systemroot%\system32\windows\*.* >[/color]
[color=#A23BEC]< %systemroot%\logs\*.* >[/color]
[color=#A23BEC]< %SYSTEMDRIVE%\Win.Msi\*.* >[/color]
[color=#A23BEC]< %systemroot%\regedit\*.* >[/color]
[color=#A23BEC]< %systemroot%\system32\skype\*.* >[/color]
[color=#A23BEC]< %AppData%\Adobe\dlluplwin25\*.* >[/color]
[color=#A23BEC]< %UserProfile%\*.dat >[/color]
[2010/11/26 15:13:02 | 003,932,160 | -HS- | M] () -- C:\Users\hedge\NTUSER.DAT
[color=#A23BEC]< %UserProfile%\*.dll >[/color]
[color=#A23BEC]< %systemroot%\system32\*.sxo >[/color]
[color=#A23BEC]< %SYSTEMDRIVE%\Gazma\*.* /s >[/color]
[color=#A23BEC]< %systemroot%\system32\spynet\*.* >[/color]
[color=#A23BEC]< %systemroot%\system32\System\*.* >[/color]
[color=#A23BEC]< %appdata%\Microsoft\Windows\*.* >[/color]
[color=#A23BEC]< %systemroot%\system32\WinDir\*.* >[/color]
[color=#A23BEC]< %systemroot%\_\*.* >[/color]
[color=#A23BEC]< %systemroot%\system32\windows32\*.* >[/color]
[color=#A23BEC]< %ProgramFiles%\win\*.* >[/color]
[color=#A23BEC]< %AppData%\Microsoft\CD Burning\*.* >[/color]
[color=#A23BEC]< %systemroot%\*.cab >[/color]
[color=#A23BEC]< %systemroot%\K.Backup\*.* >[/color]
[color=#A23BEC]< %ProgramFiles%\Massenger\*.* >[/color]
[color=#A23BEC]< %systemroot%\System32\*.doc >[/color]
[color=#A23BEC]< %systemroot%\Office12\*.* >[/color]
[color=#A23BEC]< %systemroot%\System32\Rundl32.exe\*.* >[/color]
[color=#A23BEC]< %ProgramFiles%\yahoo.net\*.* >[/color]
[color=#A23BEC]< %systemroot%\system32\*.igo >[/color]
[color=#A23BEC]< %systemroot%\*.rew >[/color]
[color=#A23BEC]< %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >[/color]
[color=#A23BEC]< %USERPROFILE%\.COMMgr\*.* >[/color]
[color=#A23BEC]< %USERPROFILE%\Desktop\*.bat >[/color]
[color=#A23BEC]< %PROGRAMFILES%\Common Files\Real\visualizations\*.* >[/color]
[color=#A23BEC]< %PROGRAMFILES%\Internet Explorer\*.Jmp >[/color]
[color=#A23BEC]< %PROGRAMFILES%\Windows NT\system\*.dll >[/color]
[color=#A23BEC]< %systemroot%\system32\*.ext >[/color]
[color=#A23BEC]< %systemroot%\system32\Com\*.cfg >[/color]
[color=#A23BEC]< %systemroot%\system32\btz\*.* >[/color]
[color=#A23BEC]< %systemroot%\system32\EMP\*.* >[/color]
[color=#A23BEC]< %systemroot%\system32\expo\*.* >[/color]
[color=#A23BEC]< %systemroot%\system32\inet2\*.* >[/color]
[color=#A23BEC]< %systemroot%\system32\xrem\*.* >[/color]
[color=#A23BEC]< %ProgramFiles%\Microsoft\*.* >[/color]
[color=#A23BEC]< %systemroot%\usgwmt\*.* >[/color]
[color=#A23BEC]< %ProgramFiles%\B\*.* >[/color]
[color=#A23BEC]< %SYSTEMDRIVE%\lspp\*.* >[/color]
[color=#A23BEC]< %systemroot%\Kral\*.* >[/color]
[color=#A23BEC]< %SYSTEMDRIVE%\windowsdvd.exe\*.* >[/color]
[color=#A23BEC]< %systemroot%\system32\*.ipo >[/color]
[color=#A23BEC]< %SYSTEMDRIVE%\usxxxxxxxx.exe\*.* >[/color]
[color=#A23BEC]< %systemroot%\system32\*.mof >[/color]
[color=#A23BEC]< %systemroot%\*.atm >[/color]
[color=#A23BEC]< %systemroot%\system32\svhost\*.* >[/color]
[color=#A23BEC]< %ProgramFiles%\system32\*.* >[/color]
[color=#A23BEC]< %ProgramFiles%\Docmentt\*.* >[/color]
[color=#A23BEC]< %systemroot%\Help\*.vbs >[/color]
[color=#A23BEC]< %ProgramFiles%\Windows WinSxs\*.* /s >[/color]
[color=#A23BEC]< %ProgramFiles%\Outlook Express\IDT\*.* /s >[/color]
[color=#A23BEC]< %ProgramFiles%\Microsoft Office\365\*.* /s >[/color]
[color=#A23BEC]< %ProgramFiles%\Windows Live\*.* >[/color]
[color=#A23BEC]< %systemroot%\system32\win32\*.* >[/color]
[color=#A23BEC]< %SYSTEMDRIVE%\RECYCLER\*.* >[/color]
[color=#A23BEC]< %systemroot%\Fresh1\*.* >[/color]
[color=#A23BEC]< %ProgramFiles%\Kekj\*.* /s >[/color]
[color=#A23BEC]< %systemroot%\GDU\*.* >[/color]
[color=#A23BEC]< %systemroot%\KA\*.* >[/color]
[color=#A23BEC]< %systemroot%\R\*.* >[/color]
[color=#A23BEC]< %systemroot%\system32\*.fyo >[/color]
[color=#A23BEC]< %USERPROFILE%\System\*.* >[/color]
[color=#A23BEC]< %systemroot%\Source\*.* >[/color]
[color=#A23BEC]< %systemroot%\system32\ac\*.* >[/color]
[color=#A23BEC]< %ProgramFiles%\MSDN\*.* >[/color]
[color=#A23BEC]< %AppData%\AdobeUM\winvcldll54\*.* /s >[/color]
[color=#A23BEC]< %ProgramFiles%\Internet Explorer\*.ico >[/color]
[color=#A23BEC]< %systemroot%\system32\*.ojo >[/color]
[color=#A23BEC]< %systemroot%\system32\d323s\*.* >[/color]
[color=#A23BEC]< %systemroot%\system32\re\*.* >[/color]
[color=#A23BEC]< %UserProfile%\Microsoft\*.dll >[/color]
[color=#A23BEC]< %UserProfile%\Microsoft\*.log >[/color]
[color=#A23BEC]< %systemroot%\Bios\*.* >[/color]
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-11-24
08:00:30

[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 72 bytes -> C:\Windows:7A077D61D7B25150

< End of report >