OTL logfile created on: 11/27/2010 2:05:44 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = F:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): c:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 2.60 Gb Free Space | 13.30% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 10.42 Gb Free Space | 71.13% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 11.04 Gb Free Space | 75.35% Space Free | Partition Type: NTFS
Drive F: | 122.71 Mb Total Space | 121.87 Mb Free Space | 99.32% Space Free | Partition Type: FAT
Drive R: | 25.70 Gb Total Space | 17.88 Gb Free Space | 69.56% Space Free | Partition Type: NTFS

Computer Name: OLIVAW | User Name: Michelle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010/11/26 09:35:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- F:\OTL.exe PRC - [2010/05/10 11:34:22 | 004,456,448 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe PRC - [2010/05/10 11:33:42 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe PRC - [2010/05/10 11:32:36 | 001,858,048 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe PRC - [2010/05/10 11:32:06 | 000,482,304 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe PRC - [2010/04/29 14:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- D:\Utils\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2010/04/29 14:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- D:\Utils\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2010/04/09 15:32:40 | 001,459,568 | ---- | M] (RealVNC Ltd.) -- R:\Programs\VNC\winvnc4.exe PRC - [2009/09/25 03:50:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- R:\Programs\McAfee\Common Framework\naPrdMgr.exe PRC - [2009/09/25 03:50:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- R:\Programs\McAfee\Common Framework\UdaterUI.exe PRC - [2009/09/25 03:50:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- R:\Programs\McAfee\Common Framework\FrameworkService.exe PRC - [2009/09/25 03:50:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- R:\Programs\McAfee\Common Framework\McTray.exe PRC - [2009/04/29 19:07:00 | 000,144,888 | ---- | M] (McAfee, Inc.) -- R:\Programs\McAfee\VirusScan Enterprise\Mcshield.exe PRC - [2009/04/29 19:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) 
-- R:\Programs\McAfee\VirusScan Enterprise\shstat.exe PRC - [2009/04/29 19:07:00 | 000,070,216 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe PRC - [2009/04/29 19:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) -- R:\Programs\McAfee\VirusScan Enterprise\VsTskMgr.exe PRC - [2009/04/29 19:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- R:\Programs\McAfee\VirusScan Enterprise\mfeann.exe PRC - [2009/04/29 19:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) -- R:\Programs\McAfee\VirusScan Enterprise\EngineServer.exe PRC - [2007/09/27 13:04:26 | 001,318,912 | ---- | M] ( ) -- R:\Utils\Netgear\WG511T\Utility\Gear511.exe PRC - [2007/04/11 22:56:13 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2006/10/04 11:49:02 | 000,892,928 | ---- | M] (Diskeeper Corporation) -- R:\Programs\Diskeeper\DkService.exe PRC - [2005/10/21 15:13:40 | 000,163,840 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe PRC - [2005/10/21 15:08:34 | 000,864,256 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe PRC - [2005/10/21 15:05:42 | 000,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe PRC - [2005/10/21 14:54:54 | 000,010,240 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe PRC - [2005/10/21 12:57:20 | 000,405,504 | ---- | M] (Sonic Solutions) -- R:\Programs\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe PRC - [2005/02/16 16:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe PRC - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe PRC - [2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2003/10/07 00:25:36 | 000,320,472 | 
---- | M] (VERITAS Software Corporation) -- C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe PRC - [2003/02/24 14:35:12 | 000,163,840 | ---- | M] () -- C:\WINDOWS\system32\pctspk.exe PRC - [2002/04/11 13:47:52 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Mouse\point32.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010/11/26 09:35:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- F:\OTL.exe MOD - [2010/11/24 13:04:45 | 000,049,664 | -H-- | M] () -- C:\WINDOWS\system32\autofunc.dll MOD - [2004/08/04 07:00:00 | 000,373,248 | ---- | M] () -- C:\WINDOWS\enufaner.dll MOD - [2004/08/04 07:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shfolder.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [On_Demand | Stopped] -- D:\SEP\SmcLU\Setup\smcinst.exe -- (Smcinst) SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\NWDLS.exe -- (NWDLS) SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ) SRV - [2010/05/10 11:33:42 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService) SRV - [2010/05/10 11:32:36 | 001,858,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME) SRV - [2010/05/10 11:32:06 | 000,482,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC) SRV - [2010/04/29 14:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Utils\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2010/04/09 15:32:40 | 001,459,568 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- R:\Programs\VNC\WinVNC4.exe -- (WinVNC4) SRV - [2009/09/25 03:50:00 | 000,120,128 | ---- | M] (McAfee, Inc.) 
[Unknown | Running] -- R:\Programs\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework) SRV - [2009/04/29 19:07:00 | 000,144,888 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- R:\Programs\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield) SRV - [2009/04/29 19:07:00 | 000,070,216 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp) SRV - [2009/04/29 19:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- R:\Programs\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager) SRV - [2009/04/29 19:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- R:\Programs\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService) SRV - [2009/03/20 18:10:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate) SRV - [2006/10/04 11:49:02 | 000,892,928 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- R:\Programs\Diskeeper\DkService.exe -- (Diskeeper) SRV - [2005/10/21 15:09:44 | 000,229,376 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare) SRV - [2005/10/21 15:08:34 | 000,864,256 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB) SRV - [2005/10/21 15:05:42 | 000,155,648 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch) SRV - [2005/10/21 12:58:02 | 000,045,056 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer) SRV - [2005/10/21 12:57:20 | 000,405,504 | ---- | M] (Sonic Solutions) [Auto | Running] -- R:\Programs\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer) SRV - [2004/09/29 11:14:36 | 
000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2003/10/07 00:25:36 | 000,320,472 | ---- | M] (VERITAS Software Corporation) [Auto | Running] -- C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe -- (BackupExecAgentAccelerator) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\REGSYS.SYS -- (REGMON) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\FILEM.SYS -- (FILEMON) DRV - [2010/08/03 09:32:20 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2010/04/29 14:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2010/04/09 15:21:28 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vncmirror.sys -- (vncmirror) DRV - [2009/04/29 19:07:00 | 000,342,128 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2009/04/29 19:07:00 | 000,091,640 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2009/04/29 19:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2009/04/29 19:07:00 | 000,065,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet) DRV - [2009/04/29 19:07:00 | 000,063,696 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik) DRV - [2009/04/29 19:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk) DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM) DRV - [2006/12/18 17:00:20 | 000,424,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2006/03/23 00:27:10 | 000,488,992 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wg511nd5.sys -- (NETGEAR_WG511_SERVICE) DRV - [2006/02/25 15:01:12 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\AWINDIS5.SYS -- (AWINDIS5) DRV - [2005/10/21 13:34:30 | 000,050,176 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter) DRV - [2005/10/20 07:05:00 | 000,311,680 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp) DRV - [2005/10/20 07:05:00 | 000,119,168 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k) DRV - [2005/10/20 07:05:00 | 000,027,264 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K) DRV - [2005/10/20 07:05:00 | 000,027,136 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K) DRV - [2005/01/27 02:22:00 | 000,088,016 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb) DRV - [2004/11/15 14:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM) DRV - [2003/07/29 13:13:00 | 000,587,264 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2003/05/30 17:45:16 | 000,477,403 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vpctcom.sys -- (Vpctcom) DRV - [2003/05/30 16:50:46 | 000,690,973 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vmodem.sys -- (Vmodem) DRV - [2003/05/28 11:08:12 | 000,066,111 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vvoice.sys -- (Vvoice) DRV - [2003/05/15 17:09:32 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2003/02/24 14:30:02 | 000,135,292 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptserial.sys -- (Ptserial) DRV - [2002/04/11 13:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\extensions\\{E180C273-010D-404F-92D3-2156BFABB60A}: C:\Documents 
and Settings\michelle\Local Settings\Application Data\{E180C273-010D-404F-92D3-2156BFABB60A}\ [2010/11/27 01:21:41 | 000,000,000 | ---D | M] O1 HOSTS File: ([2009/10/18 19:42:34 | 000,000,021 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Utils\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - R:\Programs\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [AS00_Gear511] R:\Utils\Netgear\WG511T\Utility.\Gear511.exe ( ) O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.) O4 - HKLM..\Run: [DiskeeperSystray] R:\Programs\Diskeeper\DkIcon.exe (Diskeeper Corporation) O4 - HKLM..\Run: [DNS7reminder] D:\Utils\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.) 
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Utils\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [McAfeeUpdaterUI] R:\Programs\McAfee\Common Framework\udaterui.exe (McAfee, Inc.) O4 - HKLM..\Run: [Ofekoretubedid] C:\WINDOWS\enufaner.DLL () O4 - HKLM..\Run: [PCTVOICE] C:\WINDOWS\System32\pctspk.exe () O4 - HKLM..\Run: [POINTER] File not found O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe () O4 - HKLM..\Run: [ShStatEXE] R:\Programs\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [SystemLch] File not found O4 - HKLM..\Run: [WinSys] R:\Utils\SysMon\WinBssSessionMgrX.exe File not found O4 - HKCU..\Run: [Bqiwubizebufisaw] C:\WINDOWS\MVBC4325.DLL File not found O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) 
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = R:\Utils\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O8 - Extra context menu item: E&xport to Microsoft Excel - R:\Programs\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - R:\Programs\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1257539323346 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257554810762 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.92.226.12 24.92.226.173 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bss.com O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll () O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. 
File not found O21 - SSODL: SysNet - {2AB95A35-65F5-4A5B-AD67-43FEF5782BC7} - C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll File not found O24 - Desktop WallPaper: C:\Documents and Settings\Michelle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michelle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007/04/11 15:09:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O36 - AppCertDlls: compkrnl - (C:\WINDOWS\system32\autofunc.dll) - C:\WINDOWS\system32\autofunc.dll () O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.) 
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com) Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivXNetworks) CREATERESTOREPOINT Restore point Set: OTL Restore Point (15494734470447104) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010/11/27 01:21:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Local Settings\Application Data\{E180C273-010D-404F-92D3-2156BFABB60A} [2010/11/27 01:11:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2010/11/27 01:04:23 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll [2010/11/27 01:04:22 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll [2010/11/27 01:04:22 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll [2010/11/27 01:02:36 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys [2010/11/27 00:37:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp [2010/11/14 20:54:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun [2010/11/11 01:37:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Local Settings\Application Data\WDC [2010/11/11 00:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Western Digital [2010/11/11 00:57:26 | 000,011,520 | ---- | C] (Western Digital Technologies) -- C:\WINDOWS\System32\drivers\wdcsam.sys [2010/11/11 00:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital [2010/11/11 00:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Local Settings\Application Data\Western Digital [14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] [color=#E56717]========== Files - Modified Within 
30 Days ==========[/color] [2010/11/27 02:01:28 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\mguxkyue.job [2010/11/27 01:57:38 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/11/27 01:26:54 | 000,436,526 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/11/27 01:26:54 | 000,069,256 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/11/27 01:17:40 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/11/27 01:17:37 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/11/27 01:10:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/11/27 01:10:38 | 1341,435,904 | -HS- | M] () -- C:\hiberfil.sys [2010/11/27 01:10:38 | 000,311,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/11/27 01:06:41 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf [2010/11/27 01:01:14 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2010/11/27 01:01:13 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2010/11/27 01:01:13 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2010/11/27 01:00:53 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI [2010/11/27 00:57:18 | 000,022,764 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat [2010/11/27 00:46:50 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2010/11/24 13:04:45 | 000,049,664 | -H-- | M] () -- C:\WINDOWS\System32\autofunc.dll [2010/11/24 12:56:48 | 000,572,590 | ---- | M] () -- C:\WINDOWS\setupapi.old [2010/11/22 07:50:31 | 000,000,846 | ---- | M] () -- C:\Documents and Settings\michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk [2010/11/21 23:10:53 | 000,001,981 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2010/11/18 20:09:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/11/16 20:32:17 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\NatSpeak Periodic Language 
Model Optimization.job [2010/11/16 20:01:40 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\NatSpeak Periodic Acoustic Optimization.job [2010/11/14 20:54:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/11/11 00:57:52 | 000,000,145 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc [2010/11/11 00:57:35 | 000,001,099 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk [2010/11/05 22:46:51 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\michelle\Desktop\http.doc [2010/11/01 22:11:30 | 000,066,048 | ---- | M] () -- C:\Documents and Settings\michelle\Desktop\Sample Position Paper.doc [2010/10/29 22:12:26 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\michelle\Desktop\essay 1 hist.doc [14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010/11/27 01:04:12 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll [2010/11/27 01:03:38 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex [2010/11/27 01:03:26 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe [2010/11/27 01:03:25 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe [2010/11/27 01:03:23 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex [2010/11/27 01:03:13 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll [2010/11/27 01:03:04 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex [2010/11/27 01:02:57 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll [2010/11/27 01:02:39 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll [2010/11/27 00:37:12 | 000,141,702 | ---- | C] () -- 
C:\WINDOWS\System32\dllcache\netfx.cat
[2010/11/27 00:37:11 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/11/27 00:37:11 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/11/27 00:37:11 | 000,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010/11/27 00:37:11 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/11/27 00:37:11 | 000,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010/11/27 00:37:11 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/11/27 00:37:11 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/11/27 00:37:11 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/11/27 00:37:11 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/11/27 00:37:11 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/11/27 00:37:11 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/11/27 00:37:11 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/11/27 00:37:11 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/11/27 00:37:11 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/11/27 00:37:10 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/11/27 00:37:10 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010/11/27 00:37:10 | 000,502,724 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/11/24 13:04:45 | 000,049,664 | -H-- | C] () -- C:\WINDOWS\System32\autofunc.dll
[2010/11/11 01:51:58 | 000,177,752 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/11/11 00:57:52 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/11/11 00:57:35 | 000,001,099 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2010/11/05 22:46:50 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\michelle\Desktop\http.doc
[2010/11/01 22:11:34 | 000,066,048 | ---- | C] () -- C:\Documents and Settings\michelle\Desktop\Sample Position Paper.doc
[2010/09/04 14:04:41 | 000,002,867 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2010/05/10 07:43:04 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\VNCpm.dll
[2010/04/02 23:07:39 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/01/14 21:33:13 | 000,000,397 | ---- | C] () -- C:\WINDOWS\SYMGAMES.INI
[2010/01/04 22:17:48 | 000,002,234 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\SAS7_000.DAT
[2009/11/06 21:53:17 | 000,000,043 | ---- | C] () -- C:\WINDOWS\INSTALL.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/01/15 21:07:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\rx_image.Cache
[2009/01/15 21:07:05 | 000,002,108 | ---- | C] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\rx_audio.Cache
[2008/11/05 18:46:14 | 000,019,813 | ---- | C] () -- C:\WINDOWS\zawakubyle.sys
[2008/11/05 18:46:14 | 000,014,271 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\zifepo.dl
[2008/11/05 18:46:14 | 000,012,775 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\uxepob.vbs
[2008/11/05 18:46:14 | 000,011,606 | ---- | C] () -- C:\Program Files\Common Files\mafum.lib
[2008/11/05 18:46:14 | 000,011,275 | ---- | C] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\usec.dl
[2008/11/05 18:46:14 | 000,010,843 | ---- | C] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\qupenexyru.ban
[2008/11/05 18:46:14 | 000,010,342 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mohy.inf
[2008/09/10 20:10:53 | 000,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/08/19 13:21:51 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\kill.dll
[2008/02/17 20:33:00 | 000,032,397 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2008/02/17 20:26:49 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2007/07/15 13:14:52 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/13 14:00:59 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/04/13 13:53:32 | 000,003,957 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/04/13 12:58:36 | 000,000,075 | ---- | C] () -- C:\WINDOWS\AARCADE.INI
[2007/04/13 12:55:01 | 000,000,413 | ---- | C] () -- C:\WINDOWS\ENTPACK.INI
[2007/04/13 09:11:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/04/13 08:23:30 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/04/12 21:33:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/12 17:44:49 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/04/12 17:44:46 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/04/11 22:24:17 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2007/04/11 10:51:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/10/24 19:35:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/10/21 13:07:14 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/10/19 15:56:36 | 003,596,288 | R--- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/07/15 13:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/07/15 13:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/11/30 03:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/08/04 07:00:00 | 000,373,248 | ---- | C] () -- C:\WINDOWS\enufaner.dll
[2004/08/04 07:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 07:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/10/02 00:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 00:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/02/13 16:40:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\mdmmoh.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/04/11 13:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[1997/06/13 19:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

[color=#E56717]========== LOP Check ==========[/color]
[2007/06/27 21:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2010/01/04 21:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/01/04 21:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/04/12 21:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sierra Imaging
[2010/11/16 20:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/11 00:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2009/09/10 19:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/24 15:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/01/04 21:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Nuance
[2010/11/27 02:01:28 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\mguxkyue.job
[2010/11/16 20:01:40 | 000,000,466 | ---- | M] () -- C:\WINDOWS\Tasks\NatSpeak Periodic Acoustic Optimization.job
[2010/11/16 20:32:17 | 000,000,490 | ---- | M] () -- C:\WINDOWS\Tasks\NatSpeak Periodic Language Model Optimization.job

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\system32\dllcache\explorer.exe

[color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color]
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe

[color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color]
[2007/04/11 15:09:26 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/11/26 18:01:46 | 000,061,356 | ---- | M] () -- C:\bold.log
[2010/11/27 00:46:50 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2007/04/11 15:09:26 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/11/27 01:10:38 | 1341,435,904 | -HS- | M] () -- C:\hiberfil.sys
[2007/04/11 15:09:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/04/11 15:09:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/09/04 16:59:39 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/27 01:10:36 | 2013,265,920 | -HS- | M] () -- C:\pagefile.sys
[2004/05/03 11:02:28 | 000,000,057 | ---- | M] () -- C:\Post-Backup.bat
[2004/05/03 11:02:33 | 000,000,056 | ---- | M] () -- C:\Pre-Backup.bat
[2009/02/08 14:51:40 | 000,000,013 | ---- | M] () -- C:\Rescued doc.txt
[2010/06/15 19:48:39 | 000,048,678 | ---- | M] () -- C:\Rescued document 2.txt
[2010/06/15 19:49:27 | 000,048,685 | ---- | M] () -- C:\Rescued document 3.txt
[2008/11/26 23:06:42 | 000,066,985 | ---- | M] () -- C:\Rescued document.txt
[2009/11/06 07:00:28 | 000,000,075 | ---- | M] () -- C:\xxx.bat
[1 C:\*.tmp files -> C:\*.tmp -> ]

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
[2010/11/24 17:32:23 | 000,786,432 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/11/24 13:05:37 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2010/11/24 17:32:23 | 030,932,992 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/11/24 17:32:22 | 008,650,752 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]
"RescheduleWaitTime" = 4
"NoAutoRebootWithLoggedOnUsers" = 0
"NoAutoUpdate" = 0
"AUOptions" = 4
"AUState" = 2
"ScheduledInstallDay" = 0
"ScheduledInstallTime" = 3
"UseWUServer" = 0

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-04 23:44:04

[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 222 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD

< End of report >